vulnerability
Potential Apache Struts 2 RCE flaw fixed, PoCs released
Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability …
Surge in cyber attacks targeting open source software projects
There has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found. Rise of next-gen …
Organizations knowingly ship vulnerable code despite using AppSec tools
Nearly half of organizations regularly and knowingly ship vulnerable code despite using AppSec tools, according to Veracode. Among the top reasons cited for pushing vulnerable …
Expanding attack surfaces leave security teams stretched thin
30% of businesses globally have seen an increase in attacks on their IT systems as a result of the pandemic, HackerOne reveals. This is according to C-Level IT and security …
Critical ManageEngine ADSelfService Plus RCE flaw patched
A critical vulnerability (CVE-2020-11552) in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands …
Researchers flag two zero-days in Windows Print Spooler
In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach …
TeamViewer flaw could be exploited to crack users’ password
A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further …
Security analysis of legacy programming environments reveals critical flaws
New research from Trend Micro highlights design flaws in legacy languages and released new secure coding guidelines. These are designed to help Industry 4.0 developers greatly …
Meetup vulnerabilities enabled group takeovers, payment redirections
Two high-risk vulnerabilities in Meetup, a popular online service that’s used to create groups that host local in-person events, allowed attackers to easily take over …
Bug in widely used bootloader opens Windows, Linux devices to persistent compromise
A vulnerability (CVE-2020-10713) in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise, Eclypsium researchers have …
Researchers find critical RCE vulnerabilities in industrial VPN solutions
Critical vulnerabilities in several industrial VPN implementations for remotely accessing operational technology (OT) networks could allow attackers to overwrite data, execute …
Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data
An unauthenticated file read vulnerability (CVE-2020-3452) affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software is being exploited by …
Featured news
Resources
Don't miss
- The modern CISO is a cornerstone of organizational success
- Best practices for ensuring a secure browsing environment
- Kata Containers: Open-source container runtime, building lightweight VMs
- Why software is the key to FI risk management
- Hottest cybersecurity open-source tools of the month: December 2024