Security News

Security analysis of legacy programming environments reveals critical flaws
2020-08-05 05:00

Conducted jointly with Politecnico di Milano, the research details how design flaws in legacy programming languages could lead to vulnerable automation programs. Legacy proprietary programming languages such as RAPID, KRL, AS, PDL2, and PacScript were designed without an active attacker model in mind.

Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
2020-08-03 15:13

Critical flaws in the popular Meetup platform were revealed Monday as part of research unleashed at this week's Black Hat USA 2020. Erez Yalon, the director of security research with Checkmarx, discussed why these critical vulnerabilities are a "holy grail" for attackers, and explained how the bugs are indicative of overall application security trends that will be discussed this week at Black Hat USA 2020.

Meetup Critical Flaws Allow ‘Group’ Takeover, Payment Theft
2020-08-03 13:05

A popular online social service, Meetup, has fixed several critical flaws in its website. If exploited, the flaws could have enabled attackers to hijack any Meetup "Group," access the group's member details and even redirect Meetup payments to an attacker-owned PayPal account.

Cisco fixes critical flaws in data center and SD-WAN solutions
2020-07-31 07:28

Cisco has released another batch of critical security updates for flaws in Cisco Data Center Network Manager and the Cisco SD-WAN Solution software. Cisco Data Center Network Manager is the network management platform for all NX-OS-enabled deployments, spanning new fabric architectures, IP Fabric for Media, and storage networking deployments for the Cisco Nexus-powered data center.

Critical, High-Severity Cisco Flaws Fixed in Data Center Network Manager
2020-07-30 14:36

Cisco is warning of several critical and high-severity flaws in its Data Center Network Manager for managing network platforms and switches. DCNM is a platform for managing Cisco data centers that run Cisco's NX-OS - the network operating system used by Cisco's Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.

Things to consider when selecting enterprise SSDs for critical workloads
2020-07-30 03:30

We sat down with Scott Hamilton, Senior Director, Product Management, Data Center Systems at Western Digital, to learn more about SSDs and how they fit into current business environments and data centers. What features do SSDs need to have in order to offer uncompromised performance for the most demanding servers running mission-critical workloads in enterprise environments? What are some of the misconceptions IT leaders are facing when choosing SSDs? First, IT leaders must understand environmental considerations, including the application, use case and its intended workload, before committing to specific SSDs. It's well understood that uncompromised performance is paramount to support mission-critical workloads in the enterprise environment.

Critical Magento Flaws Allow Code Execution
2020-07-29 21:22

Critical flaws in Adobe's Magento e-commerce platform - which is commonly targeted by attackers like the Magecart cybergang - could enable arbitrary code execution on affected systems. Adobe on Tuesday released security updates for flaws affecting Magento Commerce 2 and Magento Open Source 2, versions 2.3.5-p1 and earlier.

Critical Bugs in Utilities VPNs Could Cause Physical Damage
2020-07-29 18:02

Remote code-execution vulnerabilities in virtual private network products could impact the physical functioning of critical infrastructure in the oil and gas, water and electric utilities space, according to researchers. Researchers at Claroty found that VPNs used to provide remote access to operational technology networks in industrial systems are vulnerable to an array of security bugs, which could give an attacker direct access to field devices and cause physical damage or shut-downs.

Critical Security Flaw in WordPress Plugin Allows RCE
2020-07-29 16:32

Researchers are warning of a critical vulnerability in a WordPress plugin called Comments - wpDiscuz, which is installed on more than 70,000 websites. The flaw gives unauthenticated attackers the ability to upload arbitrary files and ultimately execute remote code on vulnerable website servers.

Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems
2020-07-29 12:50

A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide - including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. Discovered by researchers from Eclypsium, BootHole is a buffer overflow vulnerability that affects all versions of GRUB2 and exists in the way it parses content from the config file, which typically is not signed like other files and executables - leaving an opportunity for attackers to break the hardware root of trust mechanism.