Security News > 2020 > August > Week in review: vBulletin 0-day, open source projects under attack, critical security updates galore
Intel, SAP, and Citrix release critical security updatesAugust 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well.
Exploits for vBulletin zero-day released, attacks are ongoingThe fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has discovered.
Half of IT teams can't fully utilize cloud security solutions due to understaffingThere are unrealized gaps between the rate of implementation or operation and the effective use of cloud security access brokers within the enterprise, according to a global Cloud Security Alliance survey of more than 200 IT and security professionals from a variety of organization sizes and locations.
Surge in cyber attacks targeting open source software projectsThere has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found.
The precision of security undermined by a failure to correlateOone of the major deficiencies affecting security is not a lack of data or even an aggregation of data, but the central problem is one of correlating data and connecting the dots to find otherwise hidden traces of attack activity.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/cW6Cvfw4mjI/
Related news
- Open source maintainers: Key to software health and security (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-24 | CVE-2019-16759 | Code Injection vulnerability in Vbulletin vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | 9.8 |