Security researchers with Eclypsium have discovered that more than 47,000 servers and other machines relying on Supermicro motherboards are at risk of attacks due to a number of security flaws collectively referred to as USBAnywhere. The vulnerabilities impact the baseboard management controller (BMC) firmware of Supermicro motherboards that is designed

Threat actors are adding backdoor admin accounts to compromised WordPress websites as part of an ongoing campaign targeting over 10 vulnerable plugins for the highly popular content management system, a security researcher with Defiant has discovered. The campaign was first spotted last month. At first, the attackers were injecting WordPress

Various Cisco routers are vulnerable to remote takeover by hackers due to a security flaw that has been given the maximum severity score on the CvSS scale (10 out of 10). Cisco has released a patch for the bug and warns that it could be exploited by sending a simple

Researchers with SafeBreach have uncovered a critical security flaw in the free version of BitDefender’s antivirus solution that can enable hackers to take over Windows machines running the vulnerable software. The issue has now been patched. The flaw stems from the fact that the software does not adequately verify whether

On Monday, Apple patched the critical jailbreak vulnerability that was accidentally reintroduced for iOS 12.4 after it had been patched in iOS 12.3. The tech giant also released security fixes for the same vulnerability in macOS (10.14.6) and tvOS (12.4.1). The flaws for macOS and tvOS had not been disclosed

In the first six months of this year, there were over 4,000 fewer entries in the common vulnerabilities and exploits (CVE) database, a new report by Risk Based Security shows. However, the study warns that 34% of the more than 11,000 security flaws that were reported, haven’t been patched yet.

Security researchers are warning that threat actors have begun scanning the web for servers vulnerable to flaws affecting two highly popular VPN solutions. By exploiting vulnerable servers, hackers could steal login credentials , encryption keys and other sensitive information belonging to users of Fortigate VPN and Pulse Secure VPN. The

New research by Kenna Security confirms that vulnerabilities are patched faster in firms that have a mature vulnerability management program. While this is hardly surprising, the study also reveals that in the context of patch management, paying too much attention to the Common Vulnerability Scoring System (CVSS) may actually result

Apache Struts has repeatedly provided incorrect and incomplete information in the security advisories for the popular open-source web application framework, new research by Synopsys has found. 24 of the 57 security advisories that were covered by the study contained errors in terms of the Apache Struts versions that were said

As part of August’s Patch Tuesday, Microsoft made fixes for 93 security vulnerabilities available. 29 issues are critical, including four remote code-execution (RCE) flaws in Remote Desktop Services (RDS) and one critical RCE bug in Microsoft Word. Two of the RDS flaws stand out in particular, as they are “wormable,”