Security News

Remote code-execution vulnerabilities in virtual private network products could impact the physical functioning of critical infrastructure in the oil and gas, water and electric utilities space, according to researchers. Researchers at Claroty found that VPNs used to provide remote access to operational technology networks in industrial systems are vulnerable to an array of security bugs, which could give an attacker direct access to field devices and cause physical damage or shut-downs.

Researchers are warning of a critical vulnerability in a WordPress plugin called Comments - wpDiscuz, which is installed on more than 70,000 websites. The flaw gives unauthenticated attackers the ability to upload arbitrary files and ultimately execute remote code on vulnerable website servers.

A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide-including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. GRUB2 Bootloader Vulnerability Discovered by researchers from Eclypsium, BootHole is a buffer overflow vulnerability that affects all versions of GRUB2 and exists in the way it parses content from the config file, which typically is not signed like other files and executables-leaving an opportunity for attackers to break the hardware root of trust mechanism.

A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide-including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. GRUB2 Bootloader Vulnerability Discovered by researchers from Eclypsium, BootHole is a buffer overflow vulnerability that affects all versions of GRUB2 and exists in the way it parses content from the config file, which typically is not signed like other files and executables-leaving an opportunity for attackers to break the hardware root of trust mechanism.

Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems. A new report published by industrial cybersecurity company Claroty demonstrates multiple severe vulnerabilities in enterprise-grade VPN installations, including Secomea GateManager M2M Server, Moxa EDR-G902, and EDR-G903, and HMS Networks eWon's eCatcher VPN client.

Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems. A new report published by industrial cybersecurity company Claroty demonstrates multiple severe vulnerabilities in enterprise-grade VPN installations, including Secomea GateManager M2M Server, Moxa EDR-G902, and EDR-G903, and HMS Networks eWon's eCatcher VPN client.

Critical vulnerabilities in several industrial VPN implementations for remotely accessing operational technology networks could allow attackers to overwrite data, execute malicious code or commands, cause a DoS condition, and more. "Exploiting these vulnerabilities can give an attacker direct access to the field devices and cause some physical damage," Claroty researchers noted.

The U.S. National Security Agency and the Cybersecurity and Infrastructure Security Agency have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric Triconex TriStation and Tricon Communication Module. Corresponding with the NSA/CISA alert is an ICS-CERT advisory about a handful of bugs, one critical and ranking 10 out of 10 on the CvSS vulnerability-severity scale, in Triconex SIS equipment from Schneider.

The U.S. National Security Agency and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency have issued a joint alert urging critical infrastructure operators to take immediate measures to reduce the exposure of operational technology systems to cyberattacks. The NSA and CISA say it's imperative that critical infrastructure asset owners and operators secure industrial control systems and other OT systems due to the high risk of cyberattacks launched by foreign threat actors.

Snyk has announced the significant enhancements to its prioritization capabilities, helping security and development teams automatically identify and fix the most critical vulnerabilities. By giving developers the immediate priority scoring, deep application context, customizable security policies, and Snyk's automated fix PRs, security teams can ensure their developers are fixing the most important open source and container vulnerabilities, as quickly as possible.