vulnerabilities

Vulnerabilities

Issued by: Security Week

ThemeGrill Demo Importer is a popular plugin that allows WordPress website administrators to import demo content, widgets and settings for ThemeGrill themes. Researchers at web security company WebARX discovered recently that versions 1.3.4 through 1.6.1 of the plugin are affected by a critical vulnerability that allows an unauthenticated attacker to wipe the entire database of…

Vulnerabilities

Issued by: Security Week

An analysis of industrial control systems (ICS) has shown that many products contain features and functions that have been designed with no security in mind, allowing malicious hackers to abuse them and potentially cause serious damage. PAS, which provides industrial cybersecurity and operations management solutions, has analyzed data collected over the past year from over…

Vulnerabilities

Issued by: Security Week

The flaw, tracked as CVE-2020-0674 and described as a memory corruption issue, affects the scripting engine in Internet Explorer, specifically a JScript component. The problematic component is a library named jscript.dll, which provides compatibility with a deprecated version of the JScript scripting language. According to Microsoft, the vulnerability can be exploited for remote code execution…

Network Security, Vulnerabilities

Issued by: Help Net Security

Upstream Security’s 2020 Automotive Cybersecurity Report shares in-depth insights and statistics gleaned from analyzing 367 publicly reported automotive cyber incidents spanning the past decade, highlighting vulnerabilities and insights identified during 2019. Automotive-related cybersecurity incidents surge “With the rapid rise of attacks on the automotive industry, OEMs and smart mobility providers need extensive visibility and clarity…

Application Security, Vulnerabilities

Issued by: Dark Reading

The latest edition of Veracode’s annual “State of Software Security” study released this week shows that many enterprise organizations are at increased breach risk because of aging, unaddressed application security flaws. Veracode recently analyzed data from application security tests on more than 85,000 applications and found that, on average, companies fix just 56% of all…

Vulnerabilities

Issued by: Dark Reading

Today is the second Tuesday of the month, and Microsoft is right on schedule with 59 security fixes, nine of which are considered Critical in severity. None of the vulnerablities were previously known or exploited, and 49 are ranked Important and one as Moderate. The latest release affects Windows, Internet Explorer, Edge, ChakraCore, Microsoft Office…

Vulnerabilities

Issued by: Dark Reading

“People make mistakes” is a common and relatable phrase, but it’s also a malicious one in the hands of cybercriminals, more of whom are exploiting simple human errors to launch successful attacks. The Information Security Forum (ISF) explored the topic in “Human-Centered Security: Addressing Psychological Vulnerabilities,” a new report published today. Human vulnerabilities, whether triggered…

Application Security

Issued by: Security Week

In April 2018, following the Cambridge Analytica scandal, Facebook announced the launch of a bug bounty program focusing on the misuse of private information. The social media giant has been offering between $500 and tens of thousands of dollars for reports of apps that collect and transfer personal data. This program has now been expanded…