Security vulnerabilities stories

Ralls chats about web application security, vulnerability management, false positives, and why businesses need to think about vulnerability scanning in an entirely new way.>>

"Apple is aware of a report that this issue may have been actively exploited," the company states.>>

The average time to remediate the most severe vulnerabilities in an organisation’s IT infrastructure has now reached 256 days.>>

"Together, Ivanti and RiskSense will enable customers to take the right action at the right time and effectively defend against ransomware, which is the biggest security threat today.”>>

Tampering with this system may negatively impact a company's ability to work, to the point of full disruption of its protection system and stopping of business processes.>>

Every organisationusing Microsoft Exchange must patch their on-premise servers immediately and scan their networks for signs of malicious activity.>>

The vulnerabilities could enable attackers to break into the systems and run code, crash systems, and meddle with configuration files, amongst other malicious actions.>>

Tenable.ep is reportedly the industry’s first, all-in-one, risk-based vulnerability management platform designed to scale as dynamic compute requirements change.>>

2020 saw a large spike in physical and adjacent vulnerabilities, likely due to the proliferation of IoT and smart devices in use and being tested by researchers.>>

The total number of vulnerabilities in 2020 is on track to exceed 2019.>>

AppDynamics, part of Cisco, has released Cisco Secure Application, a solution designed to simplify vulnerability management, defend against cyber attacks and protect applications.>>

GitHub’s vice president of product management, Jeremy Epling, says that IT is increasingly relying on developers for security, testing, and responsibility for production operations.>>

AMNESIA:33 is a set of 33 memory-corrupting vulnerabilities affecting four open-source TCP/IP stacks: uIP; FNET; picoTCP; and Nut/Net.>>

Unmitigated vulnerabilities could give an attacker access to the device, enabling the attacker to break encryption, modify code, and run certain commands.>>

Secure Code Warrior, the secure coding company, has launched a new educational offering that simulates realistic situations to help developers extend their coding skills and preparedness.>>

"Our automated security assessment proved that all companies have network services available for connection on their network perimeter, allowing hackers to exploit software vulnerabilities and bruteforce credentials to these services.">>

GitHub has recently rolled out code scanning to help developers detect and prevent vulnerabilities from popping up in their open source and enterprise code.>>

Temi is commonly used in environments including businesses, healthcare, retail, hospitality, and other environments including the home.>>

Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.>>

One in three IT environments are vulnerable to a cyber threat known as Ripple20. This is according to a new report from ExtraHop, a cloud-native network detection and response solutions provider. >>

The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.>>

The vulnerabilities affect three industrial VPN servers and clients.>>

"The CVE Program looks forward to partnering with Gallagher going forward as we collectively maintain our commitment to improving security.">>

The vulnerability (CVE-2020-6287) could allow attackers to take over SAP systems by remotely accessing the server. >>