Patch management problem: Organizations must identify and fix all new vulnerabilities in their software and hardware as quickly as possible. Unfortunately, on average, attackers keep exploiting flaws faster than they're being patched, says Tenable's Gavin Millard.
Researchers have discovered two new Spectre/Meltdown variants: variant 3a, a rogue system register read, and variant 4, a speculative store bypass. Some AMD, ARM, Intel and IBM Power chips have the flaws, which attackers could exploit to steal sensitive data. Some fixes have already been shipped.
Patching a content management system has never been a straightforward affair, and the carnage from back-to-back critical vulnerabilities in the Drupal CMS continues to play out. Unpatched, hacked Drupal sites are delivering virtual currency miners, and in some cases malware.
There are massive amounts of vulnerabilities that companies deal with on an ongoing basis - not everything is lost though. Organizations that use unpatched software face a race against the clock, with attackers regularly beginning to hammer new vulnerabilities just hours after new fixes or security alerts get released...
The Annual Vulnerability Review analyzes the evolution of software security from a vulnerability perspective. Secunia Research at Flexera monitors thousands of applications to provide the most recent data on the prevalence of vulnerabilities.
The Gandcrab ransomware has been a moving target. Since it was discovered in January, it has quickly become one of the most widely distributed file-encrypting malware programs. Researchers with Cisco say they've now found it seeded within legitimate websites, making its spread tougher to stop.
Security alert: Microsoft has issued updates to fix 67 unique flaws in its products. One vulnerability in the Windows VBScript engine is already being actively exploited in the wild via malicious Word documents and could also be employed for attacks via websites and malvertising, Microsoft warns.
Equifax says it continues to field queries from U.S. lawmakers about the full extent of its massive 2017 data breach, which occurred after an attacker exploited its unpatched Apache Struts web application. Research finds that many more organizations are using unpatched Struts applications.
One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.
Technological advances that are taking the financial sector by storm have brought new ways for users to access their data on the go, but they also present new challenges for financial institutions to protect their customers' personal data. Every financial institution needs to implement a comprehensive approach to...
The annual Vulnerability Review analyzes the evolution of software security from a vulnerability perspective. Secunia Research at Flexera monitors thousands of applications, appliances and operating systems to test and verify vulnerabilities, while mapping the security threats to IT infrastructures.
The annual Vulnerability Review analyzes the evolution of software security from a vulnerability perspective. Secunia Research at Flexera monitors more than 55,000 applications, appliances and operating systems, and tests and verifies the vulnerabilities to provide global data on the prevalence of vulnerabilities, while...
Multinational semiconductor maker Advanced Micro Devices has confirmed that there are 13 flaws in some of its chipsets that could be exploited to manipulate chip firmware for malicious purposes. AMD plans to provide fixes in the form of firmware updates that it claims should not affect system performance.
More than 95,000 servers that run the open source Memcached utility appear to remain vulnerable to being abused to launch massive DDoS attacks, with one such attack reaching a record 1.7 terabits per second. Here's how organizations and IT administrators must respond.