vulnerabilities Archives - Page 35 of 63

BIND Vulnerabilities Expose DNS Servers to Remote Attacks

Issued by: Security Week

Three new security advisories have been published, including two that cover high-severity vulnerabilities that can be exploited remotely. The advisories describing the vulnerabilities were made public on April 28, but some organizations were privately notified in advance. The most serious of the flaws — based on its CVSS score of 8.1 — is CVE-2021-25216, a…

Malware & Threats

Cybersecurity Community Unhappy With GitHub’s Proposed Policy Updates

Issued by: Security Week

The community has been asked to provide feedback until June 1 on proposed clarifications regarding exploits and malware hosted on GitHub. “Our policy updates focus on the difference between actively harmful content, which is not allowed on the platform, and at-rest code in support of security research, which is welcome and encouraged. These updates also…

Vulnerabilities

Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks

Issued by: Security Week

Tracked as CVE-2021-1448 and having a CVSS score of 7.8, the command injection bug is mitigated by the fact that authentication and local access are required for successful exploitation. An attacker able to abuse it, however, may execute arbitrary commands as root on the underlying OS. The flaw exists because user-supplied command arguments aren’t sufficiently…

Vulnerabilities

Vulnerabilities in Eaton Product Can Allow Hackers to Disrupt Power Supply

Issued by: Security Week

Eaton’s IPM solution is designed to ensure system uptime and data integrity by allowing organizations to remotely monitor, manage and control the uninterruptible power supply (UPS) devices on their network. According to security advisories published this month by Eaton and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the IPM product is affected by six…

Software Security

Files on QNAP NAS Devices Encrypted in Qlocker Ransomware Attacks

Issued by: Security Week

The Taiwanese company, which makes both NAS and professional network video recorder (NVR) solutions, has long been urging users to improve the security of their devices. With QNAP NAS devices being targeted by ransomware families known as Qlocker and eCh0raix, the company is now advising users to download and install the latest Malware Remover version…

Vulnerabilities

Rockwell Industrial Switches Affected by More Vulnerabilities in Cisco Software

Issued by: Security Week

Rockwell Automation regularly releases firmware updates for its Stratix devices to address vulnerabilities introduced by the use of Cisco software. In fact, a majority of the security advisories released by the company for its Stratix products address flaws that exist in Cisco software. The latest Stratix advisory released by Rockwell covers a total of 8…

Network Security

Oracle Delivers 390 Security Fixes With April 2021 CPU

Issued by: Security Week

The quarterly set of security patches addresses a total of 41 vulnerabilities considered critical severity, including 5 that feature a CVSS score of 10. The most severe of these vulnerabilities could be exploited to execute code remotely within the context of the vulnerable applications, potentially resulting in full system compromise. Oracle’s E-Business Suite received patches…

Vulnerabilities

Vulnerability in CocoaPods Dependency Manager Exposed Millions of Apps

Issued by: Security Week

A dependency manager for Swift and Objective-C Cocoa projects, CocoaPods has more than 82,000 libraries and is being used in over 3 million applications. The tool is built using Ruby and can be used with the default Ruby on macOS. The identified vulnerability, Justicz explains, resides in a function designed to check that, when a…

Malware & Threats

Europol Report Highlights Pandemic’s Effect on Cybercrime

Issued by: Security Week

Organized crime is not limited to cybercrime, but cybercrime has become a major part of organized criminal activity. Europol sees this increasing – business transformation, the increasingly digital society, and the growth of remote working all provide new vulnerabilities and more opportunities for exploitation. “Critical infrastructures will continue to be targeted by cybercriminals in the…

Application Security

FCC to Focus Efforts on 5G, Software and Cloud Service Vulnerabilities

Issued by: Security Week

Last Thursday (April 15th), Rosenworcel made a statement on future priorities by reestablishing the Communications, Security, Reliability, and Interoperability Council (CSRIC) with a focus on 5g networks and software and cloud services vulnerabilities. “I am committed to working with our federal partners and the private sector to increase the security and resiliency of our nation’s…