Week in review: Drupal-based sites open to attack, cPanel 2FA bypass vulnerability

Challenges organizations face in combating third-party cyber risk: A CyberGRX report reveals trends and challenges organizations of all sizes face in combating third-party cyber risk today.
cPanel 2FA bypass vulnerability can be exploited through brute force: A two-factor authentication bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found.
Automation to shape cybersecurity activities in 2021: Automation will play a major role in shaping cybersecurity attack and defence activities in 2021, WatchGuard predicts.
Out-of-band Drupal security updates fix bugs with known exploits: Drupal has released out-of-band security updates to fix two critical code execution flaws in Drupal core, as "There are known exploits for one of core's dependencies and some configurations of Drupal are vulnerable." A week earlier, the Drupal Security Team patched another RCE flaw that could have been triggered by malicious files with a double extension.
The biggest ransom demand detected by the Group-IB team has been $4 million worth of BTC.
Companies rely on crowdsourced security to boost security efforts: 61% of organizations perform attack surface discovery to offset frequently changing assets in their attack surface and attack surface expansion, yet 40% of companies perform continuous attack surface management, a Bugcrowd survey reveals.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Cq8ZHGQUjXA/