security vulnerabilities – Page 4

Salt Bugs Allow Full RCE as Root on Cloud Servers

Posted on April 30, 2020 by Tara Seals

Researchers say the bugs are easy to exploit and will likely be weaponized within a day. Continue reading Salt Bugs Allow Full RCE as Root on Cloud Servers→

Enterprise Security Woes Explode with Home Networks in the Mix

Posted on April 28, 2020 by Tara Seals

Thanks to WFH, IoT refrigerators, Samsung TVs and more can now be back-channel proxies into the corporate network. Continue reading Enterprise Security Woes Explode with Home Networks in the Mix→

Connected Home Hubs Open Houses to Full Remote Takeover

Posted on April 22, 2020 by Tara Seals

Users should update their firmware for three popular smart-home hubs. Continue reading Connected Home Hubs Open Houses to Full Remote Takeover→

RCE Exploit Released for IBM Data Risk Manager, No Patch Available

Posted on April 21, 2020 by Tara Seals

Three separate flaws can be chained to achieve full system compromise. Continue reading RCE Exploit Released for IBM Data Risk Manager, No Patch Available→

Tencent Ups Top Bug-Bounty Award to $15K

Posted on April 15, 2020 by Tara Seals

The Chinese ISP has expanded its program via HackerOne. Continue reading Tencent Ups Top Bug-Bounty Award to $15K→

Why “Shift Left” in DevOps is really “Shift Center”

Posted on April 8, 2020 by Stephen Gates

In an industry full of acronyms and buzz words, the term “shift left” surfaced as a result of organizations waiting to perform software security testing until the end of the development process. The problem here is that the industry still t… Continue reading Why “Shift Left” in DevOps is really “Shift Center”→

A Brisk Private Trade in Zero-Days Widens Their Use

Posted on April 6, 2020 by Tara Seals

More zero-day exploits coming up for sale by NSO Group and others is democratizing the attack vector and placing them within reach of less sophisticated attackers. Continue reading A Brisk Private Trade in Zero-Days Widens Their Use→

WordPress, Apache Struts Attract the Most Bug Exploits

Posted on March 18, 2020 by Tara Seals

An analysis found these web frameworks to be the most-targeted by cybercriminals in 2019. Continue reading WordPress, Apache Struts Attract the Most Bug Exploits→

Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches

Posted on February 11, 2020 by Tara Seals

There are 12 critical and five previously disclosed bugs in the February 2020 Patch Tuesday Update. Continue reading Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches→

Critical, Unpatched ‘MDhex’ Bugs Threaten Hospital Devices

Posted on January 23, 2020 by Tara Seals

The Feds have warned on six vulnerabilities in GE medical equipment that could affect patient monitor alarms and more. Continue reading Critical, Unpatched ‘MDhex’ Bugs Threaten Hospital Devices→