Vulnerable plugins plague the CMS website security landscape
Vulnerable plugins, extensions, and default settings are responsible for a high rate of website compromise, according to new research. Content management systems (CMSs) are...
Tagged: Vulnerable
Log4j flaw: Thousands of applications are still vulnerable, warn security researchers
Months on from a critical zero-day vulnerability being disclosed in the widely-used Java logging library Apache Log4j, a significant number of applications and servers...
Tractor-Trailer Brake Controllers Vulnerable to Remote Hacker Attacks
Researchers have analyzed the cyber security of heavy vehicles and discovered that the brake controllers found on many tractor-trailers in North America are susceptible...
Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
The “hotpatch” released by Amazon Web Services (AWS) in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing...
Over 100 Building Controllers in Russia Vulnerable to Remote Hacker Attacks
A researcher has identified critical vulnerabilities that can allegedly be exploited to remotely hack a building controller predominantly used by organizations in Russia. The...
US Says National Water Supply ‘Absolutely’ Vulnerable to Hackers
Cyber defenses for US drinking water supplies are “absolutely inadequate” and vulnerable to large-scale disruption by hackers, a senior official said Thursday. “There’s inadequate...
Over 300,000 MikroTik Devices Found Vulnerable to Remote Hacking Bugs
At least 300,000 IP addresses associated with MikroTik devices have been found vulnerable to multiple remotely exploitable security vulnerabilities that have since been patched...
EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms
New research into the security posture of Europe’s top pharmaceutical giants has revealed concerning levels of vulnerabilities and weak spots in web applications. On...
Atom Silo ransomware operators target vulnerable Confluence servers
A new ransomware operator is targeting Confluence servers by using a recently-disclosed vulnerability to obtain initial access to vulnerable systems. According to Sophos cybersecurity...
HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack
A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an...