Security News
More than 400 vulnerabilities affecting industrial control systems were disclosed in 2019 and over a quarter of them had no patches when their existence was made public, according to a report published on Thursday by industrial cybersecurity firm Dragos. Dragos analyzed 438 ICS vulnerabilities covered in 212 security advisories, roughly the same as in the previous year.
Vulnerabilities in two popular WordPress plugins, ThemeREX Addons and ThemeGrill Demo Importer, are being exploited to hack websites. Just days after the existence of the flaw was made public, ThemeGrill customers started reporting that the security hole had apparently been exploited to hack their websites.
Risk Based Security's VulnDB team aggregated 22,316 newly-disclosed vulnerabilities during 2019, finding that 37.26% had available exploit code or a Proof of Concept and that 33.43% of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and above. Risk Based Security also identified a total of 302 vulnerabilities impacting Electronic Voting Machines, 289 of which have no known solution.
More than 22,000 vulnerabilities were disclosed in 2019 and over one-third had an exploit or a proof-of-concept available, Risk Based Security revealed on Tuesday. The company's 2019 Year End Vulnerability QuickView Report shows that of the 22,316 new security holes 33% were rated high severity based on their CVSS score.
Several serious vulnerabilities have been found by a researcher in Secure Mobile Access and Secure Remote Access appliances made by SonicWall. After these vulnerabilities were disclosed, Alain Mowat of Swiss cybersecurity company SCRT decided to analyze other enterprise VPN products to see if they contain similar vulnerabilities.
A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide-and worryingly, a few of which haven't yet been patched. All SweynTooth flaws basically reside in the way software development kits used by multiple system-on-a-chip have implemented Bluetooth Low Energy wireless communication technology-powering at least 480 distinct products from several vendors including Samsung, FitBit and Xiaomi.
A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide-and worryingly, a few of which haven't yet been patched. All SweynTooth flaws basically reside in the way software development kits used by multiple system-on-a-chip have implemented Bluetooth Low Energy wireless communication technology-powering at least 480 distinct products from several vendors including Samsung, FitBit and Xiaomi.
"The exploitation of the vulnerabilities translates to dangerous attack vectors against many IoT products released in 2018-2019. At first glance, most of the vulnerabilities affect product's availability by allowing them to be remotely restarted, deadlocked or having their security bypassed," the whitepaper reads. A search on the Bluetooth Listing Search site returns around 480 product listings that employ the affected SoCs, each listing containing multiple products from the same vendor.
Vulnerabilities in the Voatz Internet voting app could allow adversaries to alter, stop, or expose a user's vote, security researchers from the Massachusetts Institute of Technology have discovered. Developed by the private Boston-based Voatz, the application is the first Internet voting app to have been used in high-stakes U.S. federal elections and is "On track to be used in the 2020 Primaries," the researchers point out.
Siemens' Patch Tuesday updates for February 2020 address serious denial-of-service vulnerabilities in several of the company's products. Siemens SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC products are affected by a high-severity DoS flaw if encrypted communication is enabled.