vulnerabilities

Vulnerabilities

Issued by: CSO

Security researchers have found several vulnerabilities affecting many models of APC Smart-UPS uninterruptible power supplies that could be exploited to take over the devices. UPS devices are used across many industries to keep mission-critical devices running in case of power loss. “Two of these are remote code execution (RCE) vulnerabilities in the code handling the…

Software Security

Issued by: Dark Reading

Open source software is ubiquitous. It has become an unequaled driver of technological innovation because organizations that use it don’t have to reinvent the wheel for common software components. However, the ubiquity of open source software also presents a significant security risk, as it opens the door for vulnerabilities to be introduced (intentionally or inadvertently)…

Vulnerabilities

Issued by: Security Week

One of these is CVE-2022-24086, a critical-severity (CVSS score 9.8) vulnerability in Adobe Commerce and Magento. Described as an improper input validation bug, the security hole can be exploited to achieve remote code execution, without authentication. On Sunday, Adobe released an emergency advisory to warn that it had observed very limited attacks targeting CVE-2022-24086. The…

Vulnerabilities

Issued by: Security Week

QNAP typically provides security updates for four years after a product has reached EOL status. The reason for that, the company says, is that some models may be technologically deprecated and may lack performance capabilities and operational memory, meaning that they may not receive updated drivers. However, due to evolving security threats targeting QNAP models,…

Network Security

Issued by: CIO Security

For many Chief Information Security Officers (CISOs), reporting to the board of directors has been handled as a reactionary, albeit very necessary task. After all, it’s the board of directors that sit atop the corporate governance model, so it is incumbent upon security professionals to keep them informed. But communicating about security incidents—like the Log4j…

Vulnerabilities

Issued by: Dark Reading

Digital Shadows announces the launch of a new Vulnerability Intelligence module within SearchLight. The new capability enables security teams to rapidly identify which of the many thousands of Common Vulnerabilities and Exposures (CVEs) they should focus their limited resources on and how they can prevent criminals from exploiting them. The new module, within Digital Shadows…

Vulnerabilities

Issued by: Kaspersky Blog

Four years have passed since the first publication of the research on Spectre and Meltdown, hardware vulnerabilities in modern processors. Since then, researchers discovered several similar flaws, that are potentially capable of leaking confidential data. The researchers also showed examples of attacks using these vulnerabilities, although most of them are unlikely to be used in…