Security News > 2020 > November > Week in review: Drupal-based sites open to attack, cPanel 2FA bypass vulnerability

Week in review: Drupal-based sites open to attack, cPanel 2FA bypass vulnerability
2020-11-29 09:00

Challenges organizations face in combating third-party cyber riskA CyberGRX report reveals trends and challenges organizations of all sizes face in combating third-party cyber risk today.

cPanel 2FA bypass vulnerability can be exploited through brute forceA two-factor authentication bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found.

Automation to shape cybersecurity activities in 2021Automation will play a major role in shaping cybersecurity attack and defence activities in 2021, WatchGuard predicts.

Out-of-band Drupal security updates fix bugs with known exploitsDrupal has released out-of-band security updates to fix two critical code execution flaws in Drupal core, as "There are known exploits for one of core's dependencies and some configurations of Drupal are vulnerable." A week earlier, the Drupal Security Team patched another RCE flaw that could have been triggered by malicious files with a double extension.

The biggest ransom demand detected by Group-IB team has been at $4 million worth of BTC. Companies rely on crowdsourced security to boost security efforts61% of organizations perform attack surface discovery to offset frequently changing assets in their attack surface and attack surface expansion, yet 40% of companies perform continuous attack surface management, a Bugcrowd survey reveals.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Cq8ZHGQUjXA/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cpanel 5 110 253 28 26 417