Hackers are exploiting a critical zero-day flaw in the WordPress plug-in Fancy Product Designer, which allows remote code execution, the Wordfence Threat Intelligence team at Defiant Inc. says. Because a patch has not yet been released, the team urges users to immediately uninstall the vulnerable plug-in.
In a recent research project on cyber risk management, 340 cybersecurity and IT professionals were surveyed. They were asked what their organization’s biggest vulnerability management challenge is. 42% of respondents indicated that their biggest vulnerability management challenge is tracking vulnerability and patch...
Siemens has released patches for certain automation products that have a critical memory protection vulnerability, which attackers could exploit to run arbitrary code to access memory areas, enabling them to read sensitive data and use it to launch further attacks.
Is your team working constantly to discover and patch critical vulnerabilities across your global hybrid-IT landscape? Traditional vulnerability management solutions stop at only identifying vulnerabilities and don’t help with remediation. Security teams would prefer if they can automatically discover and categorize...
Two China-linked threat groups are still exploiting unpatched flaws in Ivanti's Pulse Connect Secure VPN products, using additional malware variants to support cyberespionage, FireEye's Mandiant Threat Intelligence team says.
VMware is warning all vCenter Server administrators to patch their software to fix a serious vulnerability that could be used to execute arbitrary code as well as a separate authentication flaw. Experts warn that these and other recent flaws are likely to be targeted by ransomware gangs.
Are there better ways to characterize, assess and handle big, bad bugs to help organizations better prioritize remediating them? Allan Liska, an intelligence analyst at Recorded Future, discusses better ways to focus vulnerability hunting.
He is known for his regular reports for Reuters, as well as for his books, including the latest: "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World." Joseph Menn opens up on the biggest stories of the year and the lessons that must be learned.
The past year has taught us much about resilience. But how do we update our tools and skills for the future? Vasu Jakkal, corporate vice president at Microsoft, discusses new, fundamental cybersecurity shifts and how our strategies for acquring skills and diversity must reflect them.
Maddie Stone of Google's Project Zero bug hunting team says writing better software patches and using memory-safe language when coding applications can make it much more difficult for malicious researchers to find zero-day flaws.
A Belgian security researcher says he uncovered vulnerabilities that affect all modern Wi-Fi security protocols and most wirelessly connected devices, including smartphones, routers and IoT devices. Many tech companies have fixed the flaws to avoid leaks of user data.
By issuing a sweeping cybersecurity executive order on Wednesday, the Biden administration is attempting to take a critical step to address security issues that have come to light after recent cyberattacks. Here's an analysis of the order's key elements.