vulnerabilities Archives - Page 4 of 63

Addressing AI and Security Challenges With Red Teams: A Google Perspective

Issued by: Dark Reading

In our digital world, the security landscape is in a constant state of flux. Advances in artificial intelligence (AI) will trigger a profound shift in this landscape, and we must be prepared to address the security challenges associated with new frontiers of AI innovation in a responsible way. At Google, we’re acutely aware of these…

Vulnerabilities

Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product

Issued by: SecurityWeek

An urgent bulletin from the Burlington, Mass. company documented at least eight security defects that could be exploited remotely and urged business customers to immediately upgrade to WS_FTP Server 2020.0.4 (8.7.4) and WS_FTP Server 2022.0.2 (8.8.2). Progress Software said two of the vulnerabilities — CVE-2023-40044 and CVE-2023-40045 — are rated critical because of the risk…

News

Canadian Flair Airlines left user data leaking for months

Issued by: Security Affairs

The leak consisted of publicly accessible environment files hosted on the flyflair.com website. Flyflair.com belongs to the Canadian ultra-low-cost carrier Flair Airlines, founded in 2005. According to SimilarWeb, the website attracts 3.2 million monthly visitors. Environment files are commonly used in software development to manage environment-specific settings or sensitive information such as API keys and…

Application Security

ASPM Is Good, But It’s Not a Cure-All for App Security

Issued by: Dark Reading

Application security posture management (ASPM) is a method of managing and improving the security of software applications. It encompasses the processes, tools, and practices designed to identify, classify, and mitigate security vulnerabilities across an application’s life cycle. It includes scanning for vulnerabilities, tracking identified vulnerabilities, managing patch processes, and implementing continuous monitoring and improvement procedures….

Network Security

How to Get Your Board on Board With Cybersecurity

Issued by: Dark Reading

Nearly three-quarters (73%) of cybersecurity industry leaders have experienced burnout in the last 12 months — and who can blame them? The shift to remote and hybrid work models has increased organizations’ reliance on cloud services, limiting security teams’ visibility into employee network and endpoint environments. But reduced visibility places company data at greater risk…

Vulnerabilities

How Attackers Get In: Unpatched Vulnerabilities and Compromised Credentials

Issued by: CSO Online

How are bad actors getting access to organizations? In many cases, they simply log in. Sophos research finds that one of the most common root cause of attacks is compromised credentials. In fact, 30% of respondents to its 2023 Active Adversary Report for Business Leaders said criminals have used these credentials to log on and…

Mobile Security

Google addressed an actively exploited zero-day in Android

Issued by: Security Affairs

Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in the wild. This high-severity vulnerability CVE-2023-35674 resides in the Framework component, a threat actor could exploit the issue to escalate privileges without requiring user interaction or additional execution privileges. “There are…

Vulnerabilities

Exploit Code Published for Critical-Severity VMware Security Defect

Issued by: SecurityWeek

In an updated advisory, the virtualization technology giant confirmed the public release of exploit code that provides a roadmap for hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface. The exploit code and root-cause analysis, released by SinSinology researcher Sina Kheirkhah, documents the problem as a case…

Vulnerabilities

Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications

Issued by: Dark Reading

After vulnerabilities were found in the TETRA communications protocol that powers industrial control systems globally, researchers have revealed new research showing multiple additional zero-day vulnerabilities in a Motorola base station and system chip. Both are required to run and decrypt the TETRA communications algorithm, potentially exposing sensitive information. TETRA, or Terrestrial Trunked Radio, is a…