vulnerabilities Archives - Page 62 of 63

Ongoing Use of Windows Vista, IE8 Pose Huge Enterprise Threat

Issued by: Security Week

A new report highlights the high number of users still operating outdated Windows operating systems and unsupported browsers. This represents a huge threat to the organizations whose users access company networks from insecure laptops and home computers within the growing adoption of BYOD policies. Duo Security reports that 65% of its clients’ Windows users are…

Vulnerabilities

Vulnerability Impacts Web-Exposed SAP Systems

Issued by: Security Week

The bug could be exploited by an external attacker to remotely obtain the list of SAP users from the system, Quenta Solutions’ Sergiu Popa, who SAP acknowledged to have reported the vulnerability, says. “This service is actually an example of application to create a time-off request. This service should not be activated in production systems,…

Vulnerabilities

Despite the DDoS attacks, don’t give up on Dyn or DNS service providers

Issued by: CSO

The DDoS attacks that flooded Dyn last month and knocked some high-profile Web sites offline don’t mean businesses should abandon it or other DNS service providers, Gartner says. In fact, the best way to go is to make sure critical Web sites are backed by more than one DNS provider, says Gartner analyst Bob Gill.

Vulnerabilities

AtomBombing: The Windows Vulnerability that Cannot be Patched

Issued by: Security Week

Researchers have discovered a code-injection vulnerability in the Windows operating system that cannot, because of the nature of the operating system, be patched. It could be used to bypass current malware protection solutions in place. “Unfortunately,” writes enSilo researcher Tal Liberman in a report published Oct. 27, “this issue cannot be patched since it doesn’t rely…

Vulnerabilities

Many Joomla Sites Hacked via Recently Patched Flaws

Issued by: Security Week

Less than 24 hours after Joomla released patches for a couple of critical account creation vulnerabilities, researchers noticed that malicious actors had already started exploiting the flaws in the wild. Joomla announced on October 25 the availability of version 3.6.4 to fix two serious vulnerabilities: CVE-2016-8870, which allows attackers to create user accounts even if…

Vulnerabilities

Adobe Rushes Out Emergency Patch For Critical Flash Player Vulnerability

Issued by: Dark Reading

As it has numerous times in the past, Adobe this week rushed out an emergency patch to fix a critical vulnerability in its Flash Player software that would have let attackers take complete control of a vulnerable system. An exploit for the vulnerability is available in the wild and is already being used in attacks…

Malware & Threats

Let’s Clean Up The Internet By Taking Responsibility For Our Actions

Issued by: Dark Reading

Someone has to clean the house, shovel the walk, and mow the lawn. As we grow to adulthood, we realize that this person is us. We either do it ourselves, or we have to earn enough to pay someone else to do it. The Internet has reached a point where we need to take responsibility…

Vulnerabilities

Critical Vulnerabilities Patched in Joomla

Issued by: Security Week

Two critical account creation vulnerabilities have been addressed on Tuesday in the Joomla content management system (CMS) with the release of version 3.6.4. One of the flaws, identified as CVE-2016-8870, allows an attacker to register on a website even if registration has been disabled. The security hole, affecting the Joomla core in versions 3.4.4 through…

Software Security

Software updates are critical, so automate them

Issued by: Kaspersky Blog

Why do we need to update our software, anyway? Well, the first thing to understand is that there are different kinds of updates. Some of them add new features or improve existing ones. Others make your software compatible with other programs, different protocols, new or updated operating systems, and so forth. With greater compatibility you’ll…

Cloud Security, Vulnerabilities

IoT security: Defending a young industry from attack

Issued by: Help Net Security

As the IoT industry matures, it’s safe to say we’re well past “early adopter” phase and seeing broader development and deployment. While the prospect of a more established and stable IoT environment is exciting, we’re not there yet. What we are seeing is that the space is showing its youth, and along with it, its…