vulnerability
Consumers vastly misjudge the vulnerability of their home networks
Internet users in the United States vastly underestimate how often their home networks are targeted by cyber threats. That’s one of the key findings of a new Comcast report. …
Out-of-band Drupal security updates fix bugs with known exploits
Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits …
Cyber insurance claims on the rise
External attacks on companies result in the most expensive cyber insurance losses, but it is employee mistakes and technical problems that are the most frequent generator of …
cPanel 2FA bypass vulnerability can be exploited through brute force
A two-factor authentication (2FA) bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense …
VMware releases workarounds for another critical flaw (CVE-2020-4006)
For the second time in less than a week, VMware is warning about a critical vulnerability (CVE-2020-4006). This time, the affected solutions are VMware Workspace One Access, …
How the pandemic has accelerated existing risk trends
COVID-19 has reorganized the risk landscape for chief audit executives (CAEs), as CAEs have listed IT governance as the top risk for 2021, according to Gartner. Analysts said …
Drupal-based sites open to attack via double extension files (CVE-2020-13671)
Admins of sites running on Drupal are urged to plug a critical security hole (CVE-2020-13671) that may be exploited by attackers to take over vulnerable sites. They have also …
Companies rely on crowdsourced security to boost security efforts
61% of organizations perform attack surface discovery to offset frequently changing assets in their attack surface and attack surface expansion, yet 40% of companies perform …
VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator
VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful …
Cisco Webex vulnerabilities may enable attackers to covertly join meetings
Cisco has fixed three bugs in its Cisco Webex video conferencing offering that may allow attackers to: Join Webex meetings without appearing in the participant list …
The effectiveness of vulnerability disclosure and exploit development
New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible …
Manufacturing industry overwhelmed by innovative threat actors
TrapX Security and Enterprise Strategy Group (ESG) have released findings of a research that surveyed 150 cyber and IT professionals directly involved in security strategy, …
Featured news
Resources
Don't miss
- Villain: Open-source framework for managing and enhancing reverse shells
- Securing the invisible: Supply chain security trends
- Why cyber resilience must be part of every organization’s DNA
- 44% of the zero-days exploited in 2024 were in enterprise solutions
- CISA warns about actively exploited Broadcom, Commvault vulnerabilities