Week in review: Drupal-based sites open to attack, cPanel 2FA bypass vulnerability

Challenges organizations face in combating third-party cyber risk
A CyberGRX report reveals trends and challenges organizations of all sizes face in combating third-party cyber risk today.

cPanel 2FA bypass vulnerability can be exploited through brute force
A two-factor authentication bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found.

Automation to shape cybersecurity activities in 2021
Automation will play a major role in shaping cybersecurity attack and defence activities in 2021, WatchGuard predicts.

Out-of-band Drupal security updates fix bugs with known exploits
Drupal has released out-of-band security updates to fix two critical code execution flaws in Drupal core, as "There are known exploits for one of core's dependencies and some configurations of Drupal are vulnerable." A week earlier, the Drupal Security Team patched another RCE flaw that could have been triggered by malicious files with a double extension.

The biggest ransom demand detected by the Group-IB team has been $4 million worth of BTC.

Companies rely on crowdsourced security to boost security efforts
61% of organizations perform attack surface discovery to offset frequently changing assets in their attack surface and attack surface expansion, yet 40% of companies perform continuous attack surface management, a Bugcrowd survey reveals.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Cq8ZHGQUjXA/