In Other News: 400 CNAs, Crash Reports, Schlatter Cyberattack

August 16, 2024 at 10:33AM SecurityWeek’s cybersecurity news roundup presents a collection of significant stories that may have gone unnoticed. This week’s articles include the expansion of CVE Numbering Authorities, transitive vulnerabilities in application security, a new variant of the Gafgyt botnet, and various cyberattacks targeting companies and governments. Notable insights from the series are …

NVD Backlog Continues to Grow

July 30, 2024 at 08:06AM The National Vulnerability Database, overseen by NIST, faces a mounting backlog, projected to reach almost 30,000 unaddressed vulnerabilities by year-end. With constraints hindering timely analysis, NVD’s ability to support defenders in prioritizing and responding to security flaws is compromised. Collaborations and augmented resources aim to alleviate the backlog before fiscal …

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

June 14, 2024 at 04:19AM A security analysis of ZKTeco’s hybrid biometric access system revealed 24 critical flaws, including SQL injections, buffer overflows, and file manipulations. These vulnerabilities enable attackers to bypass authentication, steal biometric data, execute arbitrary commands, and implant backdoors. Mitigation measures include network segmentation, strong passwords, and minimizing QR code use. Source: …

Google reveals zero-day exploits in enterprise tech surged 64% last year

March 27, 2024 at 10:06AM The latest report by Google’s Threat Analysis Group and Mandiant reveals a surge in zero-day exploits targeting enterprise-specific software and appliances, surpassing overall zero-day bugs. The increase signals a shift in malicious exploitation targets, with a significant rise in exploits affecting enterprise technologies. The report also delves into the motivations …

Rust can help make software secure – but it’s no cure-all

February 8, 2024 at 02:34AM Memory-safety flaws are the primary high-severity issues for Google and Microsoft. However, they are not the top exploited vulnerabilities. Rust can reduce these flaws but not eliminate all risks, as highlighted by Horizon3.ai. While Rust prevents certain vulnerabilities, attention to complex software risks and security processes is crucial. Based on …

52% of Serious Vulnerabilities We Find are Related to Windows 10

January 22, 2024 at 07:18AM Orange Cyberdefense analyzed 2.5 million vulnerabilities in their customers’ assets. The Security Navigator 2024 report details 129,395 incidents and 25,076 breaches, offering insights into digital threats and trends. The majority of findings are rated ‘High’ or ‘Medium’, with some remaining unresolved for over 150 days. Download the report for in-depth …

Apache ERP Zero-Day Underscores Dangers of Incomplete Patches

January 4, 2024 at 04:08PM An unknown group has targeted a zero-day vulnerability in Apache’s OfBiz enterprise resource planning framework, allowing attackers to access sensitive information and remotely execute code. The incident underscores the importance of thorough patch analysis, as attackers often find ways to bypass software fixes. Similar patch failures have been seen with …