vulnerabilities Archives - Page 43 of 63

Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers

Issued by: Help Net Security

A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are trying to actively exploit. Cisco plans to release software updates to plug these security holes, but in the meantime administrators are advised to implement one or all of the provided mitigations. About the vulnerabilities The…

Network Security

Why organizations are turning to security automation to address alert overload

Issued by: CSO

Network engineer Jose Arellano concedes that “the hardest part of my day” is keeping the network safe for 12,700 students, 1,900 staff and more than 10,000 connected devices at West Aurora School District 129 in Illinois. The two-person security team once focused primarily on getting the network running as securely and efficiently as possible for…

Vulnerabilities

4 best practices to avoid vulnerabilities in open-source code

Issued by: CSO

This year presented even more challenges for ensuring the integrity and security of open-source ecosystems. Open source has been the greatest boon to developers in that virtually anyone can use and customize it, typically at no cost, and contribute to the community. What has been a means of ensuring greater transparency, security and promoting developer…

Vulnerabilities

SAP Releases August 2020 Security Updates

Issued by: Security Week

The most important of these is a cross-site scripting (XSS) flaw in the Knowledge Management component of NetWeaver. Tracked as CVE-2020-6284 and featuring Hot News priority, the issue has a CVSS score of 9. A default component of all SAP Enterprise Portal installations, Knowledge Management allows users to manage data sources in multiple formats, to…

Vulnerabilities

18 (new) ways attackers can compromise email

Issued by: CSO

All organizations wrestle with chronic phishing attacks that are the primary vectors through which malicious actors breach systems and spread malware. Most phishing attackers deliver their payloads on networks by crafting spoofed emails that look like they come from legitimate, authoritative senders. Those look-alike emails instead derive from domains deployed solely for malicious purposes. It’s…

Mobile Security

Vulnerabilities in Qualcomm Chips Expose Billions of Devices to Attacks

Issued by: Security Week

During a presentation at DEF CON last week, Check Point security researcher Slava Makkaveev revealed how vulnerabilities in the compute digital-signal processor (DSP) – a subsystem that enables the processing of data with low power consumption – could open the door for Android applications to perform malicious attacks. The proprietary subsystem is licensed for programming…

Vulnerabilities

Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks

Issued by: Security Week

Cybersecurity firm ESET reported in February that billions of Wi-Fi-capable devices may have been at one point affected by a vulnerability that could have been exploited to obtain sensitive information from wireless communications. The security hole, named Kr00k and tracked as CVE-2019-15126, caused affected devices to use an all-zero encryption key to encrypt some of…

Vulnerabilities

Third-Party IoT Vulnerabilities: We Need a Cybersecurity Paradigm Shift

Issued by: Dark Reading

The discovery of the Ripple20 vulnerabilities, affecting hundreds of millions of Internet of Things (IoT) devices, is the latest reminder of the dangers that third-party bugs pose to connected devices. Although the estimated 31 billion IoT devices in the world perform a vast array of crucial functions — powering lifesaving medical tools, facilitating efficient transportation,…

Malware & Threats

New DOE document names China, Russia as threats to US bulk power system

Issued by: CSO

On May 1, the Trump Administration issued an Executive Order on Securing the United States Bulk Power System that seeks to remove from the power grid crucial electric equipment supplied by vendors from foreign adversarial nations. Yesterday, the Department of Energy (DOE), Office of Electricity issued a request for information (RFI) “seeking information to understand…

Network Security

Enterprise internet attack surface is growing, report shows

Issued by: CSO

The attack surface of large enterprises has grown in recent months driven by the new work conditions imposed by the COVID-19 pandemic. The threat has increased in many areas including servers that are directly accessible from the internet, domain names, websites, web forms, certificates, third-party applications and components or mobile apps. While some of those…