vulnerability
Open source vulnerabilities go undetected for over four years
For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and …
Consumers vastly misjudge the vulnerability of their home networks
Internet users in the United States vastly underestimate how often their home networks are targeted by cyber threats. That’s one of the key findings of a new Comcast report. …
Out-of-band Drupal security updates fix bugs with known exploits
Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits …
Cyber insurance claims on the rise
External attacks on companies result in the most expensive cyber insurance losses, but it is employee mistakes and technical problems that are the most frequent generator of …
cPanel 2FA bypass vulnerability can be exploited through brute force
A two-factor authentication (2FA) bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense …
VMware releases workarounds for another critical flaw (CVE-2020-4006)
For the second time in less than a week, VMware is warning about a critical vulnerability (CVE-2020-4006). This time, the affected solutions are VMware Workspace One Access, …
How the pandemic has accelerated existing risk trends
COVID-19 has reorganized the risk landscape for chief audit executives (CAEs), as CAEs have listed IT governance as the top risk for 2021, according to Gartner. Analysts said …
Drupal-based sites open to attack via double extension files (CVE-2020-13671)
Admins of sites running on Drupal are urged to plug a critical security hole (CVE-2020-13671) that may be exploited by attackers to take over vulnerable sites. They have also …
Companies rely on crowdsourced security to boost security efforts
61% of organizations perform attack surface discovery to offset frequently changing assets in their attack surface and attack surface expansion, yet 40% of companies perform …
VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator
VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful …
Cisco Webex vulnerabilities may enable attackers to covertly join meetings
Cisco has fixed three bugs in its Cisco Webex video conferencing offering that may allow attackers to: Join Webex meetings without appearing in the participant list …
The effectiveness of vulnerability disclosure and exploit development
New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible …