Security News > 2020 > November > Week in review: Drupal-based sites open to attack, cPanel 2FA bypass vulnerability
Challenges organizations face in combating third-party cyber riskA CyberGRX report reveals trends and challenges organizations of all sizes face in combating third-party cyber risk today.
cPanel 2FA bypass vulnerability can be exploited through brute forceA two-factor authentication bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found.
Automation to shape cybersecurity activities in 2021Automation will play a major role in shaping cybersecurity attack and defence activities in 2021, WatchGuard predicts.
Out-of-band Drupal security updates fix bugs with known exploitsDrupal has released out-of-band security updates to fix two critical code execution flaws in Drupal core, as "There are known exploits for one of core's dependencies and some configurations of Drupal are vulnerable." A week earlier, the Drupal Security Team patched another RCE flaw that could have been triggered by malicious files with a double extension.
The biggest ransom demand detected by Group-IB team has been at $4 million worth of BTC. Companies rely on crowdsourced security to boost security efforts61% of organizations perform attack surface discovery to offset frequently changing assets in their attack surface and attack surface expansion, yet 40% of companies perform continuous attack surface management, a Bugcrowd survey reveals.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Cq8ZHGQUjXA/
Related news
- Attack Surface Management vs. Vulnerability Management (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)