vulnerability
Most ICS vulnerabilities disclosed this year can be exploited remotely
More than 70% of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and …
Potential Apache Struts 2 RCE flaw fixed, PoCs released
Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability …
Surge in cyber attacks targeting open source software projects
There has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found. Rise of next-gen …
Organizations knowingly ship vulnerable code despite using AppSec tools
Nearly half of organizations regularly and knowingly ship vulnerable code despite using AppSec tools, according to Veracode. Among the top reasons cited for pushing vulnerable …
Expanding attack surfaces leave security teams stretched thin
30% of businesses globally have seen an increase in attacks on their IT systems as a result of the pandemic, HackerOne reveals. This is according to C-Level IT and security …
Critical ManageEngine ADSelfService Plus RCE flaw patched
A critical vulnerability (CVE-2020-11552) in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands …
Researchers flag two zero-days in Windows Print Spooler
In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach …
TeamViewer flaw could be exploited to crack users’ password
A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further …
Security analysis of legacy programming environments reveals critical flaws
New research from Trend Micro highlights design flaws in legacy languages and released new secure coding guidelines. These are designed to help Industry 4.0 developers greatly …
Meetup vulnerabilities enabled group takeovers, payment redirections
Two high-risk vulnerabilities in Meetup, a popular online service that’s used to create groups that host local in-person events, allowed attackers to easily take over …
Bug in widely used bootloader opens Windows, Linux devices to persistent compromise
A vulnerability (CVE-2020-10713) in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise, Eclypsium researchers have …
Researchers find critical RCE vulnerabilities in industrial VPN solutions
Critical vulnerabilities in several industrial VPN implementations for remotely accessing operational technology (OT) networks could allow attackers to overwrite data, execute …