Security News

CISA Urges Sites to Patch Critical RCE in Discourse
2021-10-25 15:28

Discourse - the ultra-popular, widely deployed open-source community forum and mailing list management platform - has a critical remote code-execution bug that was fixed in an urgent update on Friday. Discourse is widely used and wildly popular, being known for topping competing forum software platforms in terms of usability.

CISA urges admins to patch critical Discourse code execution bug
2021-10-25 09:20

A critical Discourse remote code execution vulnerability tracked as CVE-2021-41163 was fixed via an urgent update by the developer on Friday. Discourse is an open-source forum, long-form chat, and mailing list management platform widely deployed on the web, offering excellent usability and integration potential while focusing heavily on social features.

We don’t want to be critical, but humans alone aren’t enough to protect your ICS
2021-10-20 18:00

We know for sure that ransomware attackers and sundry dark forces want to break into critical infrastructure. Ransomware attacks on industrial environments have increased by 500 per cent since 2018.

Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones
2021-10-14 09:16

Multiple security vulnerabilities have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by an unauthenticated remote adversary to crash the client and even extract sensitive information like password hashes by simply making a malicious call. SIP, aka Session Initiation Protocol, is a signaling protocol that's used to control interactive communication sessions, such as voice, video, chat and instant messaging, as well as games and virtual reality, between endpoints, in addition to defining rules that govern the establishment and termination of each session.

Critical Flaw in OpenSea Could Have Let Hackers Steal Cryptocurrency From Wallets
2021-10-13 06:06

A now-patched critical vulnerability in OpenSea, the world's largest non-fungible token marketplace, could've been abused by malicious actors to drain cryptocurrency funds from a victim by sending a specially-crafted token, opening a new attack vector for exploitation. The findings come from cybersecurity firm Check Point Research, which began an investigation into the platform following public reports of stolen cryptocurrency wallets triggered by free airdropped NFTs. The issues were fixed in less than one hour of responsible disclosure on September 26, 2021.

Electronic warfare: The critical capability of dominating the electromagnetic spectrum
2021-10-07 05:55

Electronic warfare, along with the supporting technology, has existed for more than a century, and it is a critical capability of the U.S. armed forces today. The initial EW threats worked in a narrow band of the radio-frequency spectrum, and today the spectrum is being exploited.

Critical infrastructure IoT security: Going back to basics
2021-10-06 06:00

Is the IoT technology that powers critical infrastructure really that vulnerable, and what can be done to mitigate the risks? It is unsurprising that the vulnerability of IoT and the critical infrastructure landscape as a whole to cyberattacks is becoming a growing concern within the security landscape, and recent attacks on the sector have proven the need to ramp up security efforts.

Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers
2021-10-06 00:17

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code execution and denial-of-service conditions. "A Control Component Library may be modified by a bad actor and loaded to a controller such that malicious code is executed by the controller," Honeywell noted in an independent security notification published earlier this February.

Android October patch fixes three critical bugs, 41 flaws in total
2021-10-05 12:38

Google has released the Android October security updates, addressing 41 vulnerabilities, all ranging between high and critical severity. On the 5th of each month, Google releases the complete security patch for the Android OS which contains both the framework and the vendor fixes for that month.

QNAP fixes critical bugs in QVR video surveillance solution
2021-09-27 16:56

Network-attached storage maker QNAP has patched its QVR video management system against two critical-severity issues that could be exploited to run arbitrary commands. QNAP promotes its QVR software as a professional solution that allows real-time video monitoring, recording, playback, and alarm notifications when coupled with supported IP cameras.