The recently patched Drupal vulnerability tracked as CVE-2018-7600 and dubbed Drupalgeddon2 has been exploited in the wild to deliver backdoors, cryptocurrency miners and other types of malware. While much of the online activity targeting CVE-2018-7600 still appears to represent scanning (i.e. attempts to find vulnerable systems), attackers have also started exploiting the flaw to install ..
Tag : Vulnerabilities
IBM today announced the release of an open source software library designed to help developers and researchers protect artificial intelligence (AI) systems against adversarial attacks. The software, named Adversarial Robustness Toolbox (ART), helps experts create and test novel defense techniques, and deploy them on real-world AI systems. There have been significant developments in the field ..
A joint technical alert issued on Monday by the United States and the United Kingdom details how cyberspies believed to be working for the Russian government have abused various networking protocols to breach organizations. According to the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security ..
There is a good chance that your Android phone doesn’t have all of the security patches that it should, as vendors regularly omit some vulnerability fixes, security researchers have discovered. After looking at the firmware of devices from tens of device makers, Germany-based Security Research Labs researchers discovered that not all relevant patches are included ..
Cisco’s Talos intelligence and research group has reported identifying a total of 17 vulnerabilities in an industrial router from Moxa, including many high severity command injection and denial-of-service (DoS) flaws. The security holes have been identified in Moxa EDR-810, an integrated industrial multiport secure router that provides firewall, NAT, VPN and managed Layer 2 switch ..
Vulnerability management has two major components: discovering vulnerabilities, and mitigating those vulnerabilities. The first component is pointless without the second component. So, for example, Equifax, WannaCry, NotPetya, and many other breaches — if not most breaches — are down to a failure to patch, which is really a failure in vulnerability management. In these examples ..
Attempts to exploit a recently patched vulnerability in the Drupal content management system (CMS) were spotted by researchers shortly after someone published a proof-of-concept (PoC) exploit. In late March, Drupal developers rolled out an update to address CVE-2018-7600, a highly critical remote code execution flaw that can be exploited to take full control of a ..
A couple of vulnerabilities affecting the popular online survey tool LimeSurvey can be exploited by remote attackers to execute malicious code and take control of web servers with little or no user interaction, researchers warn. LimeSurvey is a free and open source tool that allows users to create online surveys. The software is downloaded roughly ..
AMD and Microsoft on Tuesday released microcode and operating system updates that should protect users against Spectre attacks. When the existence of the Spectre and Meltdown vulnerabilities was brought to light, AMD downplayed their impact on its processors, but the company did promise to release microcode updates and add protections against these types of attacks ..
Microsoft’s Patch Tuesday updates for April 2018 resolve a total of 66 vulnerabilities, including nearly two dozen critical issues affecting Windows and the company’s web browsers. None of the flaws patched this month appear to have been exploited in the wild, but one privilege escalation vulnerability discovered by a Microsoft researcher in SharePoint has been ..