Security News

Firefox just published its latest now-every-fourth-Tuesday release, bringing numerous security fixes, including three denoted critical. CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8.

Absolute, the leader in Endpoint Resilience, announced it is enabling customers to self-heal even more of their mission-critical security controls, recently adding support for applications from Tanium and Citrix to ensure they remain healthy and virtually undeletable. Early findings from Absolute's upcoming 2020 State of Endpoint Resilience Report show the typical enterprise endpoint device has more than 10 distinct endpoint security agents running - all competing for the bandwidth and resources needed to function effectively and deliver their intended value.

Google this week released the May 2020 security patches for the Android operating system, which address several critical vulnerabilities, including one affecting the System component. A total of 39 vulnerabilities were patched with the release, split into two parts: 15 received fixes as part of the 2020-05-01 security patch level, and 24 addressed with the 2020-05-05 security patch level.

Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost's server management infrastructure.

Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. Built as a utility to monitor and update the state of servers, Salt employs a master-slave architecture that automates the process of pushing out configuration and software updates from a central repository using a "Master" node that deploys the changes to a target group of "Minions" en masse.

Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. Built as a utility to monitor and update the state of servers, Salt employs a master-slave architecture that automates the process of pushing out configuration and software updates from a central repository using a "Master" node that deploys the changes to a target group of "Minions" en masse.

The Salt community has been aware of a critical vulnerability in Salt Master versions since late last week. "More warnings appeared early this week. F-Secure's Mikko Hypponen tweeted on Monday, 27 April:"The vulnerability in Salt Master 3000.1 has been rated with a CVSS of 10.0"".

Researchers have disclosed critical-severity flaws in three popular WordPress plugins used widely by colleges and universities: LearnPress, LearnDash and LifterLMS. The flaws, now patched, could allow students to steal personal information, change their grades, cheat on tests and more. The flaws range in seriousness and impact, but could allow third-party attackers to steal personal information or target the financial payment methods that are tied to the platforms.

Security researchers are sounding the alarm over newly discovered vulnerabilities in some popular online learning management system plugins that various organizations and universities use to offer online training courses through their WordPress-based websites. According to the Check Point Research Team, the three WordPress plugins in question - LearnPress, LearnDash, and LifterLMS - have security flaws that could permit students, as well as unauthenticated users, to pilfer personal information of registered users and even attain teacher privileges.

Security researchers are sounding the alarm over newly discovered vulnerabilities in some popular online learning management system plugins that various organizations and universities use to offer online training courses through their WordPress-based websites. According to the Check Point Research Team, the three WordPress plugins in question - LearnPress, LearnDash, and LifterLMS - have security flaws that could permit students, as well as unauthenticated users, to pilfer personal information of registered users and even attain teacher privileges.