Vulnerabilities Archives - Page 84 of 85

Ongoing Use of Windows Vista, IE8 Pose Huge Enterprise Threat

Issued by: Security Week

A new report highlights the high number of users still operating outdated Windows operating systems and unsupported browsers. This represents a huge threat to the organizations whose users access company networks from insecure laptops and home computers within the growing adoption of BYOD policies. Duo Security reports that 65% of its clients’ Windows users are…

Vulnerabilities

Vulnerability Impacts Web-Exposed SAP Systems

Issued by: Security Week

The bug could be exploited by an external attacker to remotely obtain the list of SAP users from the system, Quenta Solutions’ Sergiu Popa, who SAP acknowledged to have reported the vulnerability, says. “This service is actually an example of application to create a time-off request. This service should not be activated in production systems,…

Vulnerabilities

Despite the DDoS attacks, don’t give up on Dyn or DNS service providers

Issued by: CSO

The DDoS attacks that flooded Dyn last month and knocked some high-profile Web sites offline don’t mean businesses should abandon it or other DNS service providers, Gartner says. In fact, the best way to go is to make sure critical Web sites are backed by more than one DNS provider, says Gartner analyst Bob Gill.

Vulnerabilities

AtomBombing: The Windows Vulnerability that Cannot be Patched

Issued by: Security Week

Researchers have discovered a code-injection vulnerability in the Windows operating system that cannot, because of the nature of the operating system, be patched. It could be used to bypass current malware protection solutions in place. “Unfortunately,” writes enSilo researcher Tal Liberman in a report published Oct. 27, “this issue cannot be patched since it doesn’t rely…

Vulnerabilities

Many Joomla Sites Hacked via Recently Patched Flaws

Issued by: Security Week

Less than 24 hours after Joomla released patches for a couple of critical account creation vulnerabilities, researchers noticed that malicious actors had already started exploiting the flaws in the wild. Joomla announced on October 25 the availability of version 3.6.4 to fix two serious vulnerabilities: CVE-2016-8870, which allows attackers to create user accounts even if…

Vulnerabilities

Flash zero-day being exploited in targeted attacks

Issued by: Symantec Blog

A newly discovered zero-day vulnerability in Adobe Flash Player is being exploited by attackers in the wild. Adobe released a Security Bulletin (APSB16-36) yesterday which patches the vulnerability (CVE-2016-7855). The critical vulnerability affects Adobe Flash Player 23.0.0.185 and earlier versions for the following operating systems: Windows Mac Linux Chrome OS According to Adobe, an exploit…

Application Security, Vulnerabilities

Cisco Patches 9 Flaws in Email Security Appliance

Issued by: Security Week

The most serious, rated “high severity,” are three DoS flaws in the AsyncOS software for Cisco ESA. The security holes, tracked as CVE-2016-6356, CVE-2016-1486 and CVE-2016-1481, allow a remote, unauthenticated attacker to cause a DoS condition on affected devices using specially crafted emails and malicious attachments. CVE-2016-1481 and CVE-2016-6356 affect AsyncOS versions 8.0 and prior,…

Vulnerabilities

Adobe Rushes Out Emergency Patch For Critical Flash Player Vulnerability

Issued by: Dark Reading

As it has numerous times in the past, Adobe this week rushed out an emergency patch to fix a critical vulnerability in its Flash Player software that would have let attackers take complete control of a vulnerable system. An exploit for the vulnerability is available in the wild and is already being used in attacks…

Vulnerabilities

Critical Vulnerabilities Patched in Joomla

Issued by: Security Week

Two critical account creation vulnerabilities have been addressed on Tuesday in the Joomla content management system (CMS) with the release of version 3.6.4. One of the flaws, identified as CVE-2016-8870, allows an attacker to register on a website even if registration has been disabled. The security hole, affecting the Joomla core in versions 3.4.4 through…

Vulnerabilities

US transport agency guidance on vehicle cybersecurity irks lawmakers

Issued by: CIO Security

Guidance from the National Highway Traffic Safety Administration for improving motor vehicle cybersecurity has attracted criticism from lawmakers who said that mandatory security standards were required. “This new cybersecurity guidance from the Department of Transportation is like giving a take-home exam on the honor code to failing students,” said Senators Edward J. Markey, a Democrat…