security flaws Archives - Cyber Security Minute

Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product

Issued by: SecurityWeek

An urgent bulletin from the Burlington, Mass. company documented at least eight security defects that could be exploited remotely and urged business customers to immediately upgrade to WS_FTP Server 2020.0.4 (8.7.4) and WS_FTP Server 2022.0.2 (8.8.2). Progress Software said two of the vulnerabilities — CVE-2023-40044 and CVE-2023-40045 — are rated critical because of the risk…

Application Security

Google Patches High-Risk Android Security Flaws

Issued by: Security Week

The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises. The most important of these is a bug in the Media framework that could lead to elevation of privilege on Android 8.1 and 9 devices, or information disclosure, on Android 10 and 11. The…

Application Security, Vulnerabilities

About 50% of Apps Are Accruing Unaddressed Vulnerabilities

Issued by: Dark Reading

The latest edition of Veracode’s annual “State of Software Security” study released this week shows that many enterprise organizations are at increased breach risk because of aging, unaddressed application security flaws. Veracode recently analyzed data from application security tests on more than 85,000 applications and found that, on average, companies fix just 56% of all…

Network Security

Security flaw could turn load balancers into beachheads for cyber attacks

Issued by: Help Net Security

Cyber security provider F-Secure is advising organizations using F5 Networks’ BIG-IP load balancer, which is popular amongst governments, banks, and other large corporations, to address security issues in some common configurations of the product. Adversaries can exploit these insecurely configured load balancers to penetrate networks and perform a wide variety of attacks against organizations, or…

Vulnerabilities

Multiple Security Flaws Discovered in Visitor Management Systems

Issued by: Security Week

The analyzed systems include Lobby Track Desktop (Jolly Technologies), EasyLobby Solo (HID Global), eVisitorPass (Threshold Security), Envoy Passport (Envoy), and The Receptionist (The Receptionist). A total of 19 vulnerabilities were discovered in these systems, and their successful exploitation could lead to exfiltration of data such as visitor logs, contact information, or corporate activities; complete takeover…

Application Security

What is application security? A process and tools for securing software

Issued by: CSO

Application security is the process of making apps more secure by finding, fixing, and enhancing the security of apps. Much of this happens during the development phase, but it includes tools and methods to protect apps once they are deployed. This is becoming more important as hackers increasingly target applications with their attacks. Application security…