vulnerability
Vulnerabilities in Siemens’ most secure industrial PLCs can lead to industrial havoc
Critical vulnerabilities in the Siemens S7 Simatic programmable logic controller (PLC) have been discovered by cybersecurity researchers at Tel Aviv University and the …
Critical holes plugged in Cisco 220 Series smart switches
Cisco has fixed three vulnerabilities in its Cisco 220 Series smart switches and is urging owners to upgrade their firmware as soon as possible. Among these are two critical …
Digital bank Monzo urges customers to change PINs following security breach
Monzo, a UK-based mobile-only bank, has notified a subset of its users that their PINs have been inadvertently leaked into internal log files and were accessible to some of …
Online skimming: An emerging threat that requires urgent awareness and attention
A growing threat that all merchants and service providers should be aware of is web-based or online skimming. These attacks infect e-commerce websites with malicious code, …
Research shows that devices banned by US government lack basic security practices
As the August 13 deadline looms for the US ban on Chinese surveillance cameras, the news cycle is re-engaged with the issue. The panic about banned cameras still being in …
AWDL flaws open Apple users to tracking, MitM, malware planting
Vulnerabilities in Apple Wireless Direct Link (AWDL), the wireless protocol that underpins Apple’s AirPlay and AirDrop services, could allow attackers to track users in …
200 million enterprise, industrial, and medical devices affected by RCE flaws in VxWorks RTOS
Armis researchers have discovered 11 vulnerabilities (including 6 critical RCE flaws) in Wind River VxWorks, a real-time operating system used by more than two billion devices …
Released: PoC for RCE flaw in Palo Alto Networks firewalls, gateways
Palo Alto Networks has silently patched a critical remote code execution vulnerability in its enterprise GlobalProtect SSL VPN, which runs on Palo Alto Networks’ …
Flaw in Iomega, LenovoEMC NAS devices exposes millions of files on the Internet
A vulnerability in legacy Iomega and LenovoEMC network-attached storage (NAS) devices has led to many terabytes of potentially sensitive data being accessible to anyone via …
Researcher releases PoC code for critical Atlassian Crowd RCE flaw
A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution …
CVSS 3.1: Refined and updated for easier adoption by the security community
The Forum of Incident Response and Security Teams (FIRST) has published an update of its internationally recognized Common Vulnerability Scoring System (CVSS). CVSS is a …
Small and mid-sized organizations remain especially vulnerable to persistent compromises
Despite sophisticated prevention security tools, small to mid-sized organizations continue to be especially vulnerable to long lasting breaches due to their inability to …