Mar 24, 2023Ravie LakshmananWeb Security / WordPress Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It … [Read more...] about Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
Critical
Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability
Feb 03, 2023Ravie LakshmananCloud Security / Vulnerability Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been … [Read more...] about Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
Jan 31, 2023Ravie LakshmananData Security / Vulnerability Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1 and QuTS … [Read more...] about QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability
Jan 14, 2023Ravie LakshmananServer Security / Patch Management A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to be running a … [Read more...] about Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability
Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities
Dec 29, 2022Ravie LakshmananServer Security / Citrix Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the virtualization services provider on … [Read more...] about Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities
Secure Email Threat Defense: Providing critical insight into business risk
Attackers specifically craft business email compromise (BEC) and phishing emails using a combination of malicious techniques, expertly selected from an ever-evolving bag of tricks. They’ll use these techniques to impersonate a person or business that’s well-known to the targeted recipient and hide their true intentions, while attempting to avoid detection by security … [Read more...] about Secure Email Threat Defense: Providing critical insight into business risk
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
Dec 05, 2022Ravie Lakshmanan The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based … [Read more...] about Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and … [Read more...] about CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software
VMware has patched five security flaws affecting its Workspace ONE Assist solution, some of which could be exploited to bypass authentication and obtain elevated permissions. Topping the list, are three critical vulnerabilities tracked as CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687. All the shortcomings are rated 9.8 on the CVSS vulnerability scoring … [Read more...] about VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software
Leading financial institutions hedge risk by focusing on these 5 critical SIEM requirements
Digital transformation is expanding the attack surface in financial services. Throughout the pandemic, the accelerated adoption of digital banking, payments, and insurance channels has enabled providers to offer greater levels of service, new financial products, and enhanced journeys to their customers.However, with growing amounts of data and increasingly complex IT … [Read more...] about Leading financial institutions hedge risk by focusing on these 5 critical SIEM requirements