Security News

A critical vulnerability in the Rank Math SEO plugin for WordPress could allow attackers to lock administrators out of their own websites, WordPress security company Defiant reports. Meant to help site owners get access to search engine optimization tools that would improve their SEO and attract more traffic, the plugin has over 200,000 installations.

Onapsis, the leader in business-critical application protection, announced the official launch of the Onapsis nCase Partner Program. "We're excited to see this next phase of the Onapsis nCase Partner Program come to fruition as our strategic alliances grow," said Chris Smith, Chief Revenue Officer, Onapsis.

MariaDB announced the immediate availability of MariaDB SkySQL, the first database-as-a-service to unlock the full power of MariaDB Platform for transactions, analytics or both, and optimized with a cloud-native architecture. "Existing services, long in the tooth, lock out community innovation, meaning patches, new versions and features are missing for literally years. MariaDB SkySQL is a next-generation cloud database, built by the world's top database engineers in the industry, allowing organizations large and small to know they have an always-on partner to not only roll out new applications, but ensure a consistent and enduring quality of service."

A researcher has stumbled on a big security flaw affecting OpenWrt, an open source operating system used by millions of home and small business routers and embedded devices. OpenWrt has become a popular Linux alternative to the stock software that vendors ship with home routers.

A critical flaw in a web server for the CODESYS automation software for engineering control systems could allow a remote, unauthenticated attacker to crash a server or execute code. In this case, the bug exists in the CODESYS web server, which is used to display CODESYS system visualization screens in a web browser.

Less than 50 percent of organizations can patch vulnerable systems swiftly enough to protect against critical threats and zero-day attacks, and 81 percent have suffered at least one data breach in the last two years, according to Automox. The research surveyed 560 IT operations and security professionals at enterprises with between 500 and 25,000 employees, across more than 15 industries to benchmark the state of endpoint patching and hardening.

"Public clouds are, by and large, homogeneous infrastructures with embedded monitoring capabilities that are ubiquitous and have centralized security administration and threat remediation tools built on top," Konstantas told Help Net Security. "Automation really is central to effective cloud security. Just take the example of data and consider the volume of data flowing into cloud hosted data bases and data warehouses. Classifying the data, identifying PII, PHI, credit cards etc., flagging overly permissioned access, and requiring additional authorization for data removal - all these things have to be automated. Even the remediation, or prevention of access needs to be automated," she noted.

Augury, the world leader in Machine Health Solutions, unveiled new capabilities and enhancements that enable operations and maintenance personnel to remotely monitor, diagnose and share information about the health and performance of the critical machinery that underpins manufacturing processes relied on to produce vital goods, including paper products, bottled water, beer, medicine and more. Augury is also providing increased support for remote on-boarding of new personnel and machines, so companies can be sure all the needed expertise from anywhere in their organization is readily accessible in order to keep all critical machinery running at peak levels, no matter what demands are being placed on it.

Creative Cloud acts as a central console for desktop users to quickly launch, manage and update their Adobe apps, such as Photoshop, Acrobat, Illustrator and more. "Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin."

A critical vulnerability patched on Tuesday by Adobe in its Creative Cloud desktop application can be exploited by hackers to delete arbitrary files. Adobe Creative Cloud is a set of applications and services used for video editing, graphic design, photography and web development.