Security vulnerabilities news stories - Page 2

"From broken authentication and injection flaws, to simple misconfigurations, there are numerous API security concerns for anyone building an internet-connected application."

Vulnerabilities have been discovered in Wincor Cineo ATMs allowing illegal cash withdrawals

Ralls chats about web application security, vulnerability management, false positives, and why businesses need to think about vulnerability scanning in an entirely new way.

"Apple is aware of a report that this issue may have been actively exploited," the company states.

The average time to remediate the most severe vulnerabilities in an organisation’s IT infrastructure has now reached 256 days.

"Together, Ivanti and RiskSense will enable customers to take the right action at the right time and effectively defend against ransomware, which is the biggest security threat today.”

Tampering with this system may negatively impact a company's ability to work, to the point of full disruption of its protection system and stopping of business processes.

Every organisationusing Microsoft Exchange must patch their on-premise servers immediately and scan their networks for signs of malicious activity.

The vulnerabilities could enable attackers to break into the systems and run code, crash systems, and meddle with configuration files, amongst other malicious actions.

Tenable.ep is reportedly the industry’s first, all-in-one, risk-based vulnerability management platform designed to scale as dynamic compute requirements change.

2020 saw a large spike in physical and adjacent vulnerabilities, likely due to the proliferation of IoT and smart devices in use and being tested by researchers.

The total number of vulnerabilities in 2020 is on track to exceed 2019.

AppDynamics, part of Cisco, has released Cisco Secure Application, a solution designed to simplify vulnerability management, defend against cyber attacks and protect applications.

GitHub’s vice president of product management, Jeremy Epling, says that IT is increasingly relying on developers for security, testing, and responsibility for production operations.

AMNESIA:33 is a set of 33 memory-corrupting vulnerabilities affecting four open-source TCP/IP stacks: uIP; FNET; picoTCP; and Nut/Net.

Unmitigated vulnerabilities could give an attacker access to the device, enabling the attacker to break encryption, modify code, and run certain commands.

Secure Code Warrior, the secure coding company, has launched a new educational offering that simulates realistic situations to help developers extend their coding skills and preparedness.

"Our automated security assessment proved that all companies have network services available for connection on their network perimeter, allowing hackers to exploit software vulnerabilities and bruteforce credentials to these services."

GitHub has recently rolled out code scanning to help developers detect and prevent vulnerabilities from popping up in their open source and enterprise code.

Temi is commonly used in environments including businesses, healthcare, retail, hospitality, and other environments including the home.

Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.

One in three IT environments are vulnerable to a cyber threat known as Ripple20. This is according to a new report from ExtraHop, a cloud-native network detection and response solutions provider.

The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.

The vulnerabilities affect three industrial VPN servers and clients.