Search results for: vulnerability


Out-of-band Drupal security updates fix bugs with known exploits

Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits for one of core’s dependencies and some configurations of Drupal are vulnerable.” CVE-2020-28948 and CVE-2020-28949 are arbitrary PHP code execution vulnerabilities found in the open source PEAR Archive_Tar library, which Drupal uses to handle TAR files in PHP. “(The) vulnerabilities are possible if Drupal is configured to allow … More


Cyber insurance claims on the rise

External attacks on companies result in the most expensive cyber insurance losses, but it is employee mistakes and technical problems that are the most frequent generator of claims by number, according to a report from Allianz Global Corporate & Specialty (AGCS). The study analyzes 1,736 cyber-related insurance claims worth EUR 660mn (US$ 770mn) involving AGCS and other insurers from 2015 to 2020. “Losses from incidents such as distributed denial of service (DDoS) attacks or phishing … More


The AI in cybersecurity market to generate $101.8 billion in 2030

The AI in cybersecurity market is projected to generate a revenue of $101.8 billion in 2030, increasing from $8.6 billion in 2019, progressing at a 25.7% CAGR during 2020-2030, ResearchAndMarkets reveals. The market is categorized into threat intelligence, fraud detection/anti-fraud, security and vulnerability management, data loss prevention (DLP), identity and access management, intrusion detection/prevention system, antivirus/antimalware, unified threat management, and risk & compliance management, on the basis of application. The DLP category is expected to … More


How to mitigate risks in an interconnected intelligent enterprise

Cloud migrations and SaaS adoption have skyrocketed during the pandemic. In fact, a recent survey shows that the pandemic caused 40% of businesses to accelerate their move to the cloud. Companies rely on the flexibility of these platforms and tools to increase productivity regardless of employee location.

Interconnected environments

Organizations also often connect these applications to critical business processes to transfer valuable customer data, personally identifiable information (PII), financial and other sensitive information to help … More


Automation to shape cybersecurity activities in 2021

Automation will play a major role in shaping cybersecurity attack and defence activities in 2021, WatchGuard predicts. Spear phishing has traditionally been a high-investment, high-return targeted attack, but in 2021 automation tools will replace manual techniques to help cybercriminals launch spear phishing campaigns at record volumes, by harvesting victim-specific data from social media sites and company web pages.

Automated spear phishing attacks to prey on fears

And as society continues to grapple with the impact of COVID-19, it is likely … More


cPanel 2FA bypass vulnerability can be exploited through brute force

A two-factor authentication (2FA) bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found. The vulnerability was patched last week and, by now, web hosting providers have hopefully upgraded their installations. Still, admins of sites that are managed through cPanel should check whether their provider did perform the update (and demand they do it if they haven’t).

About the cPanel 2FA bypass … More


VMware releases workarounds for another critical flaw (CVE-2020-4006)

For the second time in less than a week, VMware is warning about a critical vulnerability (CVE-2020-4006). This time, the affected solutions are VMware Workspace One Access, Access Connector, VMware Identity Manager and VMware Identity Manager Connector. As some of these are components of the VMware Cloud Foundation (vIDM) and vRealize Suite Lifecycle Manager (vIDM) product suites, those are impacted as well.

About the vulnerability (CVE-2020-4006)

Not much has been shared about CVE-2020-4006, except that … More


How the pandemic has accelerated existing risk trends

COVID-19 has reorganized the risk landscape for chief audit executives (CAEs), as CAEs have listed IT governance as the top risk for 2021, according to Gartner. Analysts said the pandemic is giving rise to new sets of risks while exacerbating long-standing vulnerabilities. Gartner conducted interviews and surveys from across its global network of client organizations to identify the top 12 risks, or “Audit Plan Hot Spots,” facing boards, audit committees and executives entering 2021. Existing … More

Drupal-based sites open to attack via double extension files (CVE-2020-13671)

Admins of sites running on Drupal are urged to plug a critical security hole (CVE-2020-13671) that may be exploited by attackers to take over vulnerable sites. They have also been urged to check that the vulnerability hasn’t already been covertly leveraged by attackers.

About the vulnerability (CVE-2020-13671)

CVE-2020-13671 exists because Drupal core (the standard release of Drupal) does not properly sanitize certain filenames on uploaded files. A malicious file with a double extension (e.g., php.txt) … More


Companies rely on crowdsourced security to boost security efforts

61% of organizations perform attack surface discovery to offset frequently changing assets in their attack surface and attack surface expansion, yet 40% of companies perform continuous attack surface management, a Bugcrowd survey reveals. Only one out of five organizations surveyed qualified as a “leader” in how they execute attack surface and vulnerability management, while 49% ranked in the second tier as “fast-followers” and 39% ranked in the bottom tier as “emerging organizations.” The survey discovered … More


Week in review: Kali Linux 2020.4, AWS Network Firewall, speeding up malware analysis

Here’s an overview of some of last week’s most interesting news, reviews and articles:

Kali Linux 2020.4 released: New default shell, fresh tools, and more!

Offensive Security has released Kali Linux 2020.4, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it.

Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs

Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which … More


VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator

VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful of serious security holes.

Vulnerabilities in ESXi hypervisor exploited during a hacking competition

During the Tianfu Cup Pwn Contest that was held in Chengdu, China, earlier this month, Xiao Wei and Tianwen Tang, two researchers from the Qihoo 360 Vulcan Team, exploited two previously unknown vulnerabilities to thoroughly compromise VMware’s ESXi hypervisor: … More