Security News

Researchers have unearthed 11 vulnerabilities affecting Nagios XI, a widely used enterprise IT infrastructure/network monitoring solution, some of which can be chained to allow remote code execution with root privileges on the underlying system.Attackers are likely to try to exploit vulnerabilities in network management systems like Nagios because their oversee critical network components and core servers and often contain many network secrets so they can do their job, Claroty researchers noted.

A recent AtlasVPN report highlights the companies that have amassed the most security vulnerabilities through the first half of 2021. In the first six months of 2021, Google and Microsoft have "Accumulated the most vulnerabilities," according to Atlas VPN findings based on a recent Telefonica Tech report.

One of the symptoms of this rampant and global technological epidemic are the vulnerabilities that exist in internal databases globally - those that often store an organization's most sensitive data. Despite the increasing adoption of cloud infrastructure and database environments, it's estimated that 50% of data is stored on-premises.

Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims' networks. While these bugs have been or still are exploited by one ransomware group or another in past and ongoing attacks, the list has also been expanded to include actively exploited flaws, as security researcher Pancak3 explained.

A report released Tuesday by cybersecurity firm Imperva Research Labs examines why databases are vulnerable and offers advice on how to better protect your data from falling into the wrong hands. Based on analysis covering 27,000 on-premises databases around the world, Imperva found that one out of every two databases contains as least one vulnerability.

Microsoft has released a security update to fix the last remaining PrintNightmare zero-day vulnerabilities that allowed attackers to gain administrative privileges on Windows devices quickly. In June, a zero-day Windows print spooler vulnerability dubbed PrintNightmare was accidentally disclosed.

The vulnerabilities affect both Windows and Unix-based users, and if left unpatched, can be exploited by attackers to achieve arbitrary code execution on a system installing untrusted npm packages. On further review of the researchers' reports, GitHub security team found some more high-severity vulnerabilities in the aforementioned packages, affecting both Windows and Unix-based systems.

A DiY home security system sold to families and businesses across the US sports two vulnerabilities that, while not critical, "Are trivially easy to exploit by motivated attackers who already have some knowledge of the target," Rapid7 warns. The Fortress S03 WiFi Security System is a consumer-grade offering that customers can be customized for each physical location.

Whether the app is on your mobile device, entertainment system or garage door, APIs are what developers use to make applications function. Some background on what makes APIs such a security concern.

Realtek SDK vulnerability exploitation attempts detectedThreat actors are attempting to exploit CVE-2021-35395, a group of vulnerabilities in the web interface of the Realtek SDK, to spread Mirai malware to vulnerable IoT devices. ProxyShell vulnerabilities actively exploited to deliver web shells and ransomwareThree so-called "ProxyShell" vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world, the Cybersecurity and Infrastructure Security Agency warned.