Watch Out! Mission Critical SAP Applications Are Under Active Attack
Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, …
Critical
Critical Flaws Affecting GE’s Universal Relay Pose Threat to Electric Utilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical security shortcomings in GE's Universal Relay (UR) family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition," the agency said in …
Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now
The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning (ERP) system. Tracked as CVE-2021-26295, the flaw affects all versions of the software prior to 17.12.06 and employs an "unsafe deserialization" as an …
Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online
Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of in the wild exploitation comes on the heels of a proof-of-concept exploit code that …
Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!
Application security company F5 Networks on Wednesday published an advisory warning of four critical vulnerabilities impacting multiple products that could result in a denial of service (DoS) attack and even unauthenticated remote code execution on target networks. The patches concern a total of seven related flaws (from CVE-2021-22986 through CVE-2021-22992), two of which were …
Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP
Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The flaws — tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.8) — impact RV160, RV160W, RV260, RV260P, and …
Out today: Defending against critical threats: A 12 month roundup
Today we launch our brand new publication, Defending Against Critical Threats: A 12 month roundup. Inside, we take a retrospective look at cyber threats, and how they have evolved in the last 12 months. In something a little different to our previous reports, we’ve designed this in a magazine style format to …
Amnesia:33 — Critical TCP/IP Flaws Affect Millions of IoT Devices
Cybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial control systems that could be exploited by an attacker to take control of a vulnerable system. Collectively called "AMNESIA:33" by Forescout researchers, it is a set of 33 …
Embedding Trust at the Core of Critical Infrastructure
November marks National Critical Infrastructure Security and Resilience Month and is a timely reminder to keep this conversation at the forefront. Global critical infrastructure speaks to a common theme: sectors that are vital to security, economic security, public health, or safety. The pandemic has reshaped the landscape of critical infrastructure with a new generation of …
Critical Unpatched VMware Flaw Affects Multiple Corporates Products
VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. "A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the …