Search results for: vulnerability

Oracle

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)

A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle WebLogic is a Java EE application server that is part of Oracle’s Fusion Middleware portfolio and supports a variety of popular databases. These servers are often targeted by attackers, whether for cryptocurrency mining or as a way into other enterprise systems. About the vulnerability (CVE-2020-14882) CVE-2020-14882 may allow unauthenticated attackers with … More

Can automated penetration testing replace humans?

In the past few years, the use of automation in many spheres of cybersecurity has increased dramatically, but penetration testing has remained stubbornly immune to it. While crowdsourced security has evolved as an alternative to penetration testing in the past 10 years, it’s not based on automation but simply throwing more humans at a problem (and in the process, creating its own set of weaknesses). Recently though, tools that can be used to automate penetration … More

building

Most companies have high-risk vulnerabilities on their network perimeter

Positive Technologies performed instrumental scanning of the network perimeter of selected corporate information systems. A total of 3,514 hosts were scanned, including network devices, servers, and workstations. The results show the presence of high-risk vulnerabilities at most companies. However, half of these vulnerabilities can be eliminated by installing the latest software updates. The research shows high-risk vulnerabilities at 84% of companies across finance, manufacturing, IT, retail, government, telecoms and advertising. One or more hosts with … More

Cymatic names Stuart McClure to its advisory board

Cymatic announced that Stuart McClure, founder and former chief executive of AI security firm Cylance, has been named to the Cymatic advisory board. Stuart’s security and technology expertise will provide Cymatic with technical guidance and market leadership to ensure the success and relevance of its all-in-one client-side WAF CymaticONE + VADR. Stuart is widely recognized for his achievements in applying machine learning and artificial intelligence to endpoint protection and defense. His groundbreaking work led to … More

Code

How important are vulnerability management investments for a cybersecurity posture?

Vulnerability management (VM) technology addresses the threat landscape, which is in a constant state of flux. The wider dispersal of endpoints across private and public cloud environments increases the points of vulnerabilities in an enterprise network, intensifying the demand for VM solutions that make endpoints easier to track, verify, and secure. To prevent attacks and damage to a business, VM providers employ various means of identifying, prioritizing, communicating, and suggesting possible responses to the risks … More

HackerOne introduces integrations and partnerships to connect and defend customers

HackerOne introduced a set of strategic integrations and partnerships that make it easy to integrate HackerOne data with existing security and development workflows. Announced at the fourth annual Security conference, the integrations seek to ensure the HackerOne platform fits into customers’ existing security workflow with minimal friction, enabling them to identify, prioritize, and respond to threats in real time. “Our mission is to empower the world to build a safer internet,” Co-founder Michiel Prins explained. … More

block

Week in review: Confidential computing, data protection predictions, Sandworm hackers charged

Here’s an overview of some of last week’s most interesting news, reviews and articles: What is confidential computing? How can you use it? What is confidential computing? Can it strengthen enterprise security? Nelly Porter, Senior Product Manager, Google Cloud and Sam Lugani, Lead Security PMM, Google Workspace & GCP, answer these and other questions in this Help Net Security interview. Cybersecurity is failing due to ineffective technology Based on over 100 comprehensive interviews with business … More

laptop crime

63 billion credential stuffing attacks hit retail, hospitality, travel industries

Akamai published a report detailing criminal activity targeting the retail, travel, and hospitality industries with attacks of all types and sizes between July 2018 and June 2020. The report also includes numerous examples of criminal ads from the darknet illustrating how they cash in on the results from successful attacks and the corresponding data theft. “Criminals are not picky — anything that can be accessed can be used in some way,” said Steve Ragan, Akamai … More

CymaticONE + VADR’s new features allow customers to protect their web properties from persistent attacks

Cymatic unveiled exciting new features to its client-side web application firewall, CymaticONE + VADR—the only WAF solution that combines client-side WAF defenses with a proprietary vulnerability, awareness, detection, and response (VADR) engine to deliver continuous in-session intelligence and cyber threat defense for users and applications. Click. Click. Done. It’s that simple. CymaticONE + VADR installs at the client with a single line of JavaScript to combat modern-day cyber threats such as Magecart, cross-site scripting (XSS), … More

mobile

Safari, other mobile browsers affected by address bar spoofing flaws

Security researcher Rafay Baloch has discovered address bar spoofing vulnerabilities in several mobile browsers, which could allow attackers to trick users into sharing sensitive information through legitimate-looking phishing sites. “With ever growing sophistication of spear phishing attacks, exploitation of browser-based vulnerabilities such as address bar spoofing may exacerbate the success of spear phishing attacks and hence prove to be very lethal,” he noted. “First and foremost, it is easy to persuade the victim into stealing … More

China

25 vulnerabilities exploited by Chinese state-sponsored hackers

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks. “Most of the vulnerabilities […] can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access or for external web services, and … More

lock

Preventing cybersecurity’s perfect storm

Zerologon might have been cybersecurity’s perfect storm: that moment when multiple conditions collide to create a devastating disaster. Thanks to Secura and Microsoft’s rapid response, it wasn’t. Zerologon scored a perfect 10 CVSS score. Threats rating a perfect 10 are easy to execute and have deep-reaching impact. Fortunately, they aren’t frequent, especially in prominent software brands such as Windows. Still, organizations that perpetually lag when it comes to patching become prime targets for cybercriminals. Flaws … More