Security News
Application delivery and networking firm F5 released fixes for 13 high-severity bugs, including one that could lead to complete system takeover and is therefore raised to "Critical" for customers in "especially sensitive sectors." F5, maker of near-ubiquitously installed enterprise networking gear, disclosed nearly 30 vulnerabilities across multiple devices in its August security updates.
Kalay, a peer-to-peer (P2P) IoT protocol developed by Taiwanese company ThroughTek, has a serious security problem: remote attackers can exploit it to gain total, yet nearly invisible, control over devices that use the protocol. The vulnerability is low in attack complexity and affects more than 83 million devices, adding to its severity.
An unpatched OS command-injection vulnerability has been disclosed in Fortinet's web application firewall platform, FortiWeb; the bug is slated to receive a patch at the end of the month.
Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall until the end of August. Separately, threat actors have abused the CVE-2018-13379 Fortinet SSL VPN vulnerability to compromise Internet-exposed U.S. election support systems, even though Fortinet warned customers to patch the flaw in August 2019, July 2020, November 2020, and again in April 2021.
Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall installations. Financially motivated and state-sponsored threat actors have heavily targeted unpatched Fortinet servers over the years.
A stored cross-site scripting (XSS) vulnerability in the SEOPress WordPress plugin could allow attackers to inject arbitrary web scripts into websites, researchers said. Separately, in July six critical flaws were disclosed in versions 17.1 and 18.2 of the Front File Manager WordPress plugin, which is active on more than 2,000 websites.
The discussions between security vendors NortonLifelock and Avast that The Register reported had reached an advanced stage in July have proved fruitful, to the tune of more than $8 billion. While the deal has been styled as a merger, it will see NortonLifelock acquire all Avast shares and result in the combined companies listing on NASDAQ, rather than Avast's current London Stock Exchange home.
A critical security vulnerability in a subset of Cisco Systems' small-business VPN routers could allow a remote, unauthenticated attacker to take over a device - and researchers said there are at least 8,800 vulnerable systems open to compromise. The critical bug affects the vendor's Dual WAN Gigabit VPN routers.
LAS VEGAS - A series of vulnerabilities in internet of things (IoT) devices often found in connected hotel rooms allowed a researcher to take control of multiple rooms' amenities and punish a loud neighbor. To make up for space constraints, these kinds of rooms tend to offer a few electronic bells and whistles, and according to Supa, this particular hotel was no different.
Account takeovers are on the rise, fueled by the widespread use of automated bots. In the second half of 2020, the media industry, which includes social networks, content streaming, gambling, gaming, and online dating sites, saw attacks on new-account-creation processes at a higher rate than any other industry, according to a recent report by LexisNexis Risk Solutions.