Week in review: Drupal-based sites open to attack, cPanel 2FA bypass vulnerability

Challenges organizations face in combating third-party cyber risk
A CyberGRX report reveals trends and challenges organizations of all sizes face in combating third-party cyber risk today.

cPanel 2FA bypass vulnerability can be exploited through brute force
A two-factor authentication bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found.

Automation to shape cybersecurity activities in 2021
Automation will play a major role in shaping cybersecurity attack and defence activities in 2021, WatchGuard predicts.

Out-of-band Drupal security updates fix bugs with known exploits
Drupal has released out-of-band security updates to fix two critical code execution flaws in Drupal core, as "There are known exploits for one of core's dependencies and some configurations of Drupal are vulnerable." A week earlier, the Drupal Security Team patched another RCE flaw that could have been triggered by malicious files with a double extension.

The biggest ransom demand detected by Group-IB team has been at $4 million worth of BTC.

Companies rely on crowdsourced security to boost security efforts
61% of organizations perform attack surface discovery to offset frequently changing assets in their attack surface and attack surface expansion, yet 40% of companies perform continuous attack surface management, a Bugcrowd survey reveals.

News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Cq8ZHGQUjXA/