Over 47,000 Supermicro servers are exposing BMC ports on the internet
Security researchers with Eclypsium have discovered that more than 47,000 servers and other machines relying on Supermicro motherboards are at risk of attacks due to a number of security flaws collectively referred to as USBAnywhere. The vulnerabilities impact the baseboard management controller (BMC) firmware of Supermicro motherboards that is designed
WordPress sites under attack as hacker group tries to create rogue admin accounts
Threat actors are adding backdoor admin accounts to compromised WordPress websites as part of an ongoing campaign targeting over 10 vulnerable plugins for the highly popular content management system, a security researcher with Defiant has discovered. The campaign was first spotted last month. At first, the attackers were injecting WordPress
Critical Cisco VM Bug Allows Remote Takeover of Routers
Various Cisco routers are vulnerable to remote takeover by hackers due to a security flaw that has been given the maximum severity score on the CVSS scale (10 out of 10). Cisco has released a patch for the bug and warns that it could be exploited by sending a simple
BitDefender Confirms Security Flaw In Free Windows Antivirus 2020, Millions At Risk — Update Now
Researchers with SafeBreach have uncovered a critical security flaw in the free version of BitDefender’s antivirus solution that can enable hackers to take over Windows machines running the vulnerable software. The issue has now been patched. The flaw stems from the fact that the software does not adequately verify whether
Apple Issues 3 Emergency Security Fixes To Block Hackers From Taking Over iPhones, Macs, Apple TVs
On Monday, Apple patched the critical jailbreak vulnerability that was accidentally reintroduced for iOS 12.4 after it had been patched in iOS 12.3. The tech giant also released security fixes for the same vulnerability in macOS (10.14.6) and tvOS (12.4.1). The flaws for macOS and tvOS had not been disclosed
Cybersecurity alert: 34% of vulnerabilities found this year remain unpatched
In the first six months of this year, there were over 4,000 fewer entries in the common vulnerabilities and exploits (CVE) database, a new report by Risk Based Security shows. However, the study warns that 34% of the more than 11,000 security flaws that were reported haven’t been patched yet.
Hackers are actively trying to steal passwords from two widely used VPNs
Security researchers are warning that threat actors have begun scanning the web for servers vulnerable to flaws affecting two highly popular VPN solutions. By exploiting vulnerable servers, hackers could steal login credentials, encryption keys and other sensitive information belonging to users of Fortigate VPN and Pulse Secure VPN. The
The patching paradox: vulnerability scoring leads to slower high-risk remediation
New research by Kenna Security confirms that vulnerabilities are patched faster in firms that have a mature vulnerability management program. While this is hardly surprising, the study also reveals that in the context of patch management, paying too much attention to the Common Vulnerability Scoring System (CVSS) may actually result
Apache Struts Called Out For Incorrect Security Advisories
Apache Struts has repeatedly provided incorrect and incomplete information in the security advisories for the popular open-source web application framework, new research by Synopsys has found. 24 of the 57 security advisories that were covered by the study contained errors in terms of the Apache Struts versions that were said
Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List
As part of August’s Patch Tuesday, Microsoft made fixes for 93 security vulnerabilities available. 29 issues are critical, including four remote code-execution (RCE) flaws in Remote Desktop Services (RDS) and one critical RCE bug in Microsoft Word. Two of the RDS flaws stand out in particular, as they are “wormable,”