Security News
A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development company ThemeGrill.
Control Risks, a leading global risk consultancy and Everbridge, the global leader in critical event management, announced the formation of a new strategic alliance. The companies will combine Control Risks' deep operational security risk and all-hazards crisis management expertise with Everbridge's holistic technology platform for correlating risk intelligence to manage the full lifecycle of a critical event - from awareness and assessment to remediation, response and recovery.
A popular WordPress plugin, which helps make websites compliant with the General Data Protection Regulation, has issued fixes for a critical flaw. The plugin, GDPR Cookie Consent, which helps businesses display cookie banners to show that they are compliant with EU's privacy regulation, has more than 700,000 active installations - making it a ripe target for attackers.
One is a big new category that we saw emerging in 2019 was not a true data breach per se, but what we're calling a data exposure, or you may also have heard the term data lake, and that's where some businesses just forgot to put a password on their cloud environments. If you can't keep up with all those passwords, use a password manager.
Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. In brief, Adobe Framemaker for Windows, an advanced document processing software, contains 21 flaws, and all of them are critical buffer error, heap overflow, memory corruption, and out-of-bounds write issues, leading to code execution attacks.
Adobe has released patches addressing a wave of critical flaws in its Framemaker and Flash Player products, which, if exploited, could lead to arbitrary code-execution. Overall, Adobe stomped out flaws tied to 42 CVEs for its regularly scheduled February updates, with 35 of those flaws being critical in severity.
Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. In brief, Adobe Framemaker for Windows, an advanced document processing software, contains 21 flaws, and all of them are critical buffer error, heap overflow, memory corruption, and out-of-bounds write issues, leading to code execution attacks.
A critical vulnerability in the Bluetooth implementation on Android devices could allow attackers to launch remote code execution attacks - without any user interaction. Researchers on Thursday revealed further details behind the critical Android flaw, which was patched earlier this week as part of Google's February Android Security Bulletin.
More than 80 percent of organizations impacted by CVE-2019-19781, a critical vulnerability in the Citrix Application Delivery Controller and Gateway, have already taken steps to secure their deployments. The security bug impacts multiple versions of Citrix ADC and Gateway, but Citrix has already released permanent patches for all of them, as attacks started to ramp up.
About one in five of the 80,000 companies affected by a critical bug in the Citrix Application Delivery Controller and Citrix Gateway are still at risk from a trivial attack on their internal operations. "The critical information about applications accessible by Citrix can be leaked," he explained.