Articles

What Role Should Social Media Play in Discovering Vulnerabilities?

,

New research from the Pacific Northwest National Laboratory (PNNL) Data Sciences and Analytics Group shows that 25% of vulnerabilities appear on social media before the National Vulnerability Database (NVD). And it takes an average of nearly 90 days between a vulnerability being discussed on social media and the time it shows up in the NVD.

Vulnerabilities on Social Media

The reasons application vulnerabilities show up this often on social media before they get logged in the NVB are multiple. For developers just starting out in their career or those learning about a specific piece of software, they may not know that something is a vulnerability, that vulnerabilities need to be treated differently, and/or how to report vulnerabilities. In some cases, they may not know if the “issue” they found is a true vulnerability. Naturally, they look to the tools they regularly use when connecting with other developers—social media channels like GitHub, Twitter, and the various forums and discussions housed on Reddit.

Source de l’article sur DZONE

/par

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

, , ,

A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982, the vulnerability resides in the OPKG package manager of OpenWrt that exists in the
Source de l’article sur The Hacker News

/0 Commentaires/par

Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices

, , ,

A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage (NAS) devices in an attempt to remotely infect and control vulnerable machines. Called « Mukashi, » the new variant of the malware employs brute-force attacks using different combinations of default credentials to log into Zyxel NAS, UTM, ATP, and VPN firewall
Source de l’article sur The Hacker News

/0 Commentaires/par

Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion

, , ,

Though it’s not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of an upcoming security update for Acrobat and Reader, but the company today unveiled bugs in a total of 6 widely-used software, including: Adobe Genuine
Source de l’article sur The Hacker News

/0 Commentaires/par

Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks

, , ,

Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target
Source de l’article sur The Hacker News

/0 Commentaires/par

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

, , ,

A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is ‘ThemeGrill Demo Importer’ that comes with free as well as premium themes sold by the software development
Source de l’article sur The Hacker News

/0 Commentaires/par

The Truth About Cybersecurity Project Management

,

Whether you’re moving your company’s repository to the cloud or updating an IT infrastructure, securing data from sneaky malware attacks is crucial. According to a report on cybercrime by Accenture, the number of security breaches faced by businesses has increased by 11% since 2018. 

The losses suffered are substantial in terms of cost and information. In this climate, increasing technological advancements and 5G communication could simplify how attackers breach an organization’s security systems. 

Source de l’article sur DZONE

/par

The Rise of the Open Bug Bounty Project

, , ,

Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be not in the best shape today. While prominent security researchers are talking about a growing multitude of hurdles they experience with the
Source de l’article sur The Hacker News

/0 Commentaires/par

5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras

, , ,

Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a
Source de l’article sur The Hacker News

/0 Commentaires/par

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers

, , ,

Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any
Source de l’article sur The Hacker News

/0 Commentaires/par