Security News

An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now
2020-05-11 12:11

If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn't reveal any information on the underlying security vulnerability, identified as CVE-2020-12720.

vBulletin fixes critical vulnerability, patch immediately!
2020-05-11 11:08

If you're using vBulletin to power your online forum(s), you should implement the newest security patches offered by the developers as soon as possible. The patches fix CVE-2020-12720, a vulnerability affecting versions 5.5.6, 5.6.0 and 5.6.1 with could be exploited without previous authentication.

Samsung Patches Critical 0-Click Vulnerability in Smartphones
2020-05-07 19:44

Samsung this week released its May 2020 set of security updates for Android smartphones, which includes a patch for a critical vulnerability impacting all of its devices since 2014. In addition to the fixes in the Android Security Bulletin - May 2020, the phone maker's updates patch 19 vulnerabilities specific to Samsung smartphones.

Critical Flaw in CODESYS Industrial Controller Software Allows Code Execution
2020-05-07 18:31

Cisco's Talos threat intelligence and research group revealed on Wednesday that one of its researchers discovered a critical remote code execution vulnerability in the CODESYS Control SoftPLC industrial controller software. CODESYS Control SoftPLC is a runtime system that converts any PC or embedded device into an IEC 61131-3-compliant industrial controller.

Firefox 76.0 released with critical security patches – update now
2020-05-06 14:58

Firefox just published its latest now-every-fourth-Tuesday release, bringing numerous security fixes, including three denoted critical. CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8.

Absolute enables customers to self-heal even more of their mission-critical security controls
2020-05-06 01:15

Absolute, the leader in Endpoint Resilience, announced it is enabling customers to self-heal even more of their mission-critical security controls, recently adding support for applications from Tanium and Citrix to ensure they remain healthy and virtually undeletable. Early findings from Absolute's upcoming 2020 State of Endpoint Resilience Report show the typical enterprise endpoint device has more than 10 distinct endpoint security agents running - all competing for the bandwidth and resources needed to function effectively and deliver their intended value.

Android's May 2020 Patches Fix Critical System Vulnerability
2020-05-05 11:20

Google this week released the May 2020 security patches for the Android operating system, which address several critical vulnerabilities, including one affecting the System component. A total of 39 vulnerabilities were patched with the release, split into two parts: 15 received fixes as part of the 2020-05-01 security patch level, and 24 addressed with the 2020-05-05 security patch level.

Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack
2020-05-04 19:23

Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost's server management infrastructure.

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers
2020-05-04 02:00

Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. Built as a utility to monitor and update the state of servers, Salt employs a master-slave architecture that automates the process of pushing out configuration and software updates from a central repository using a "Master" node that deploys the changes to a target group of "Minions" en masse.

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers
2020-05-04 02:00

Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. Built as a utility to monitor and update the state of servers, Salt employs a master-slave architecture that automates the process of pushing out configuration and software updates from a central repository using a "Master" node that deploys the changes to a target group of "Minions" en masse.