04 Sep 2019

Over 47,000 Supermicro servers are exposing BMC ports on the internet

Security researchers with Eclypsium have discovered that more than 47,000 servers and other machines relying on Supermicro motherboards are at risk of attacks due to a number of security flaws collectively referred to as USBAnywhere. The vulnerabilities impact the baseboard management controller (BMC) firmware of Supermicro motherboards that is designed

02 Sep 2019

WordPress sites under attack as hacker group tries to create rogue admin accounts

Threat actors are adding backdoor admin accounts to compromised WordPress websites as part of an ongoing campaign targeting over 10 vulnerable plugins for the highly popular content management system, a security researcher with Defiant has discovered. The campaign was first spotted last month. At first, the attackers were injecting WordPress

30 Aug 2019

Critical Cisco VM Bug Allows Remote Takeover of Routers

Various Cisco routers are vulnerable to remote takeover by hackers due to a security flaw that has been given the maximum severity score on the CVSS scale (10 out of 10). Cisco has released a patch for the bug and warns that it could be exploited by sending a simple

27 Aug 2019

BitDefender Confirms Security Flaw In Free Windows Antivirus 2020, Millions At Risk — Update Now

Researchers with SafeBreach have uncovered a critical security flaw in the free version of BitDefender’s antivirus solution that can enable hackers to take over Windows machines running the vulnerable software. The issue has now been patched. The flaw stems from the fact that the software does not adequately verify whether

27 Aug 2019

Apple Issues 3 Emergency Security Fixes To Block Hackers From Taking Over iPhones, Macs, Apple TVs

On Monday, Apple patched the critical jailbreak vulnerability that was accidentally reintroduced for iOS 12.4 after it had been patched in iOS 12.3. The tech giant also released security fixes for the same vulnerability in macOS (10.14.6) and tvOS (12.4.1). The flaws for macOS and tvOS had not been disclosed

26 Aug 2019

Cybersecurity alert: 34% of vulnerabilities found this year remain unpatched

In the first six months of this year, there were over 4,000 fewer entries in the Common Vulnerabilities and Exposures (CVE) database, a new report by Risk Based Security shows. However, the study warns that 34% of the more than 11,000 security flaws that were reported haven’t been patched yet.

26 Aug 2019

Hackers are actively trying to steal passwords from two widely used VPNs

Security researchers are warning that threat actors have begun scanning the web for servers vulnerable to flaws affecting two highly popular VPN solutions. By exploiting vulnerable servers, hackers could steal login credentials, encryption keys and other sensitive information belonging to users of Fortigate VPN and Pulse Secure VPN. The

23 Aug 2019

The patching paradox: vulnerability scoring leads to slower high-risk remediation

New research by Kenna Security confirms that vulnerabilities are patched faster in firms that have a mature vulnerability management program. While this is hardly surprising, the study also reveals that in the context of patch management, paying too much attention to the Common Vulnerability Scoring System (CVSS) may actually result

16 Aug 2019

Apache Struts Called Out For Incorrect Security Advisories

Apache Struts has repeatedly provided incorrect and incomplete information in the security advisories for the popular open-source web application framework, new research by Synopsys has found. 24 of the 57 security advisories that were covered by the study contained errors in terms of the Apache Struts versions that were said

14 Aug 2019

Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List

As part of August’s Patch Tuesday, Microsoft released fixes for 93 security vulnerabilities. 29 issues are critical, including four remote code-execution (RCE) flaws in Remote Desktop Services (RDS) and one critical RCE bug in Microsoft Word. Two of the RDS flaws stand out in particular, as they are “wormable,”
