Security News

Organizations are not always linking the actual data on vulnerabilities with the specific risks to their business, says Cyber Vulcan. With so many security vulnerabilities putting companies at risk, determining which ones to tackle can be a challenge.

Cars are becoming increasingly smart and an extension to our mobile phones. What are the biggest vulnerabilities of today's modern cars?

HackerOne reports that hackers are reporting more bugs and earning bigger bounties, but is an increase in testing or an increase in software vulnerabilities the cause of the jump? Bug bounty hub HackerOne has announced that its user base of freelance bounty-hunting hackers has reported a whopping 66,000+ verified vulnerabilities in 2021, a 20% increase over last year's total.

SentinelOne researchers have unearthed a number of privilege escalation vulnerabilities in Eltima SDK, a library used by many cloud desktop and USB sharing services like Amazon Workspaces, NoMachine and Accops to allow users to connect and share local devices over the network. The vulnerabilities affect both the cloud services and their end users.

It's no wonder that vulnerabilities in Microsoft solutions are an attractive attack vector. Sensitive Windows Registry database files vulnerabilities.

The number of new security flaws recorded by NIST has already surpassed the total for 2020, the fifth record-breaking year in a row. Patching security flaws is a challenging and seemingly never-ending chore for IT and security professionals.

Cybersecurity researchers have disclosed multiple vulnerabilities in third-party driver software developed by Eltima that have been "unwittingly inherited" by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious activities. "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," SentinelOne researchers said in a report shared with The Hacker News.

Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1. Patching security holes has become even more difficult with the advent of the remote workforce as so many endpoints are now outside the network perimeter.

VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client.

Zoom has patched vulnerabilities in its range of local solutions for conferences, negotiations and recordings - Zoom Meeting Connector Controller, Zoom Virtual Room Connector, Zoom Recording Connector and others. As a result of exploiting this vulnerability, intruders could compromise the software's functionality, creating a situation in which holding Zoom conferences would have been impossible.