Vulnerabilities Archives - Page 33 of 85

WAGO Controller Flaws Can Allow Hackers to Disrupt Industrial Processes

Issued by: Security Week

The vulnerabilities were found in the WAGO PFC200 programmable logic controller (PLC) and they have been patched by the vendor. One of flaws, tracked as CVE-2021-21001 and rated critical severity, has been described as a path traversal issue related to a CODESYS component used by the device. It allows an authenticated attacker with network access…

Vulnerabilities

CISA Announces Vulnerability Disclosure Policy Platform

Issued by: Security Week

Working in collaboration with bug bounty platform Bugcrowd and government technology contractor Endyna, CISA introduced its VDP platform to help Federal Civilian Executive Branch (FCEB) agencies identify and address vulnerabilities in critical systems. The platform was launched in support of Binding Operational Directive (BOD) 20-01, through which the Department of Homeland Security (DHS) instructed all…

Vulnerabilities

Actively Exploited Zero-Day Found in WordPress Plugin Used by Many Online Stores

Issued by: Security Week

Fancy Product Designer is a premium plugin for online stores that provides users with the ability to customize products with images and PDF files uploaded from various devices. The plugin provides various other customization options as well. This week, Wordfence discovered that threat actors are targeting an unpatched critical vulnerability in Fancy Product Designer. The…

Vulnerabilities

Cisco Discloses Details of macOS SMB Vulnerabilities

Issued by: Security Week

SMB, which stands for Server Message Block, is a protocol for sharing files, printers, and serial ports. Apple’s own SMB stack is called SMBX. Talos disclosed seven vulnerabilities found in SMBX server components and also detailed the process it used to identify them. One of the security holes was fixed silently by Apple, one was…

Vulnerabilities

Chinese Hackers Started Covering Tracks Days Before Public Exposure of Operations

Issued by: Security Week

Tracked as CVE-2021-22893, the vulnerability was made public in late April, after security researchers discovered that threat actors had already been exploiting it in attacks targeting organizations in the defense, financial, government, high tech, and transportation sectors in the U.S. and Europe. At the time, FireEye revealed that at least two Chinese threat actors believed…

Vulnerabilities

Newly Disclosed Vulnerability Allows Remote Hacking of Siemens PLCs

Issued by: Security Week

The vulnerability is tracked as CVE-2020-15782 and it has been described as a high-severity memory protection bypass issue that allows an attacker with network access to TCP port 102 to write or read data in protected memory areas. Siemens PLCs can be hacked remotely via new vulnerabilitySiemens says the security hole impacts its SIMATIC S7-1200…

Vulnerabilities

Vulnerabilities in Visual Studio Code Extensions Expose Developers to Attacks

Issued by: Security Week

Generally considered secure, VS Code extensions could expose millions of developers to malicious attacks, potentially leading to the compromise of information stored on developer machines, such as credentials, or even opening the route to further attacks. Snyk’s security researchers analyzed popular VS Code extensions that start web servers, which are typically accessible locally via a…

Vulnerabilities

VMware Urges Customers to Immediately Patch Critical vSphere Vulnerability

Issued by: Security Week

The vulnerability, tracked as CVE-2021-21985, was reported to VMware by Ricter Z of 360 Noah Lab and it has been patched in versions 6.5, 6.7 and 7.0 of vCenter Server. According to VMware, the vulnerability impacts the vSphere Client, specifically the Virtual SAN Health Check plugin, which is enabled by default in vCenter Server even…

Vulnerabilities

Lawmakers Reintroduce ‘Pipeline Security Act’ Following Colonial Hack

Issued by: Security Week

The Pipeline Security Act was first introduced in 2019, but it did not receive a vote. Now, following the recent ransomware attack on Colonial Pipeline, which had a significant impact, the bill was reintroduced. The bipartisan pipeline security legislation would ensure that the roles of the Transportation Security Administration (TSA), which has been the primary…

Vulnerabilities

Wi-Fi Design, Implementation Flaws Allow a Range of Frag Attacks

Issued by: Dark Reading

The ubiquitous Wi-Fi standard has at least three design flaws that allow a local attacker to intercept and exfiltrate wireless traffic, while additional implementation flaws enable more serious attacks for some wireless traffic, a well-known security researcher revealed this week. The design flaws in the IEEE 802.11 standard — more commonly known as Wi-Fi —…