Security News

Major vulnerabilities discovered in data center solutions
2023-08-14 10:02

Researchers have discovered serious security vulnerabilities in two widely used data center solutions: CyberPower's PowerPanel Enterprise Data Center Infrastructure Management platform and Dataprobe's iBoot Power Distribution Unit. "An attacker could chain these vulnerabilities together to gain full access to these systems - which alone could be leveraged to commit substantial damage. Furthermore, both products are vulnerable to remote code injection that could be leveraged to create a backdoor or an entry point to the broader network of connected data center devices and enterprise systems," Trellix researchers noted.

Microsoft Releases Patches for 74 New Vulnerabilities in August Update
2023-08-09 04:26

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. Microsoft said that installing the latest update "stops the attack chain" leading to the remote code execution bug.

Five Eyes nations detail dirty dozen most exploited vulnerabilities
2023-08-07 03:03

Infosec in brief: If you're wondering what patches to prioritize, ponder no longer: An international group of cybersecurity agencies has published a list of the 12 most commonly exploited vulnerabilities of 2022 - a list many will recognize. The coalition of officials from the various intelligence and cyber security bodies of the US, Australia, Canada, New Zealand and the United Kingdom - known as the Five Eyes - is urging organizations to get serious about dealing with old vulnerabilities that are being overlooked.

Top 12 vulnerabilities routinely exploited in 2022
2023-08-04 13:17

Cybersecurity agencies from member countries of the Five Eyes intelligence alliance have released a list of the top 12 vulnerabilities routinely exploited in 2022, plus 30 additional ones also...

Major Cybersecurity Agencies Collaborate to Unveil 2022's Most Exploited Vulnerabilities
2023-08-04 07:02

A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022. "In 2022, malicious cyber actors...

FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022
2023-08-03 15:08

In collaboration with CISA, the NSA, and the FBI, Five Eyes cybersecurity authorities have issued today a list of the 12 most exploited vulnerabilities throughout 2022. "In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems," the joint advisory reads.

Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023
2023-08-02 12:55

About 34% of security vulnerabilities impacting industrial control systems that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S. Cybersecurity and Infrastructure Security Agency in the first half of 2023, down from 681 reported during the first half of 2022.

CISA warns of breach risks from IDOR web app vulnerabilities
2023-07-28 16:10

CISA warned today of the significant breach risks linked to insecure direct object reference vulnerabilities impacting web applications in a joint advisory with the Australian Cyber Security Centre and U.S. National Security Agency. IDOR vulnerabilities are flaws in web apps that enable attackers to access and manipulate sensitive data by directly referencing internal objects or resources.

GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users
2023-07-27 13:25

Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users.

A step-by-step guide for patching software vulnerabilities
2023-07-27 04:15

Coalition’s recent Cyber Threat Index 2023 predicts the average Common Vulnerabilities and Exposures (CVEs) rate will rise by 13% over 2022 to more than 1,900 per month in 2023. As thousands of...