Security News
While over half of organizations use artificial intelligence or machine learning in their security stack, nearly 60 percent are still more confident in cyberthreat findings verified by humans over AI, according to WhiteHat Security. The survey responses of 102 industry professionals at RSA Conference 2020 reflect the need for security organizations to incorporate both AI- and human-centric offerings, especially in the application security space.
Several potentially serious vulnerabilities have been discovered in some of the industrial 4G routers made by Phoenix Contact, a Germany-based provider of industrial automation, connectivity and interface solutions. TC CLOUD CLIENT devices provide an industrial VPN gateway for remote maintenance via a 4G network.
Google announced on Wednesday that it's prepared to pay out an extra $313,337 for interesting Cloud Platform vulnerabilities submitted in 2020. Researchers who find vulnerabilities in Google Cloud Platform and disclose them through the company's Vulnerability Reward Program can earn up to $31,337.
Intel this week released patches for more than two dozen vulnerabilities impacting graphics drivers, FPGA, processors, NUC, BlueZ, and other products. The chip maker patched a total of 17 vulnerabilities in its graphics drivers, the most important of which is a buffer overflow that could result in denial of service.
SAP on Tuesday released 16 security notes and two updates to previously released patches as part of its March 2020 Security Patch Day, with three of the new notes rated hot news. The most important of the notes address critical missing authorization checks in Solution Manager.
Tens of vulnerabilities discovered by Cisco Talos researchers in WAGO products expose some of the company's controllers and human-machine interface panels to remote attacks. He says attacks exploiting these vulnerabilities can be launched directly from the internet.
With TLS 1.0 and TLS 1.1 considered vulnerable to various types of attacks, including BEAST, CRIME and POODLE, the Internet organization last month announced plans to disable them in its popular browser and allow only connections made using TLS 1.2 and TLS 1.3. An override button on the error page will provide users with the option to fall back to TLS 1.0 or TLS 1.1.
Microsoft Word RCE: A Remote Code Execution vulnerability in Microsoft Word is also covered in today's patch release. "We start with CVE-2020-0684, a Remote Code Execution vulnerability that exists in Windows 7 through 10 and Windows Server 2008 through 2019. The vulnerability exists in the way Windows processes .LNK files. In order to exploit this vulnerability an attacker would need to trick a victim into clicking on a .LNK file to a remote share or a removable drive that contained malware."
It's March 2020 Patch Tuesday and Microsoft has dropped fixes for 115 CVE-numbered flaws: 26 are critical, 88 important, and one of moderate severity. For the time being, Adobe seems to be skipping this Patch Tuesday and there's no indication whether the customary security updates are just delayed or there won't be any at all in the coming days.
How confident are you with the security of your WordPress deployments? If you're not 100% confident, you need to make use of the wpscan tool.