Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack
The attacks are enabled by an unpatched security vulnerability in ForgeRock’s Access Management, a popular platform that front-ends web apps and remote-access setups.
Attackers are actively exploiting a critical,...
Cisco BPA, WSA Bugs Allow Remote Cyberattacks
The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more.
A set of high-severity privilege-escalation vulnerabilities affecting Business Process Automation (BPA) application and Cisco’s Web Security...
Microsoft Office Users Warned on New Malware-Protection Bypass
Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it.
Legacy users of...
Coursera Flunks API Security Test in Researchers’ Exam
The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data.
Researchers have discovered...
Critical Sage X3 RCE Bug Allows Full System Takeovers
Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims’ business-critical processes and to intercept data.
Four vulnerabilities afflict the popular Sage X3 enterprise resource...
Western Digital Users Face Another RCE
Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.
Bad news comes in threes, most...
Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks
Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry.
The healthcare industry is under attack like never before.
What started...
Netgear Authentication Bypass Allows Router Takeover
Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable authentication bypass to take over devices and access stored credentials.
Netgear has patched three bugs in...
Details of RCE Bug in Adobe Experience Manager Revealed
Details of a bug in Adobe’s content-management solution – used by Mastercard, LinkedIn and PlayStation – were released.
Details of an Adobe zero-day bug found in its content-management...
Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks
The bug in Edge’s auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.
Microsoft patched two...
















