Ongoing Xurum attacks target Magento 2 e-stores

Experts warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites using Adobe’s Magento 2 CMS. Akamai researchers warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites running the Magento 2 CMS. The attackers are actively exploiting a server-side template injection issue, tracked as CVE-2022-24086 (CVSS score: 9.8), in Adobe Commerce and Magento Open Source. The … Read more

Verimatrix Introduces New Website Security Integration

Verimatrix has recently announced the introduction of a novel website security solution, Verimatrix XTD Web Protect powered by Reflectiz. This unveiling took place during the Black Hat USA event last week. The development of these website-oriented security services has been made possible through a strategic collaboration with Reflectiz, a renowned cybersecurity firm. These services will … Read more

Effectively upskilling cybersecurity professionals to help close the skills gap

Globally, there are more cyberthreats than ever and a surge in attacks on operational technology (OT), including the proliferation of new ransomware variations and the ascent of Malware-as-a-Service (MaaS). These developments have caused many firms to place a higher premium on narrowing the cybersecurity skills gap within their own IT teams. Leaders are looking not only at … Read more

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) can expose them to several attacks. Researchers from security firm SySS discovered multiple vulnerabilities in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) that could be exploited by an attacker to conduct several attacks. The experts presented their findings at the Black Hat USA security … Read more

Quest Software Update

Quest Software, a systems management, data protection and security software company, has announced what it calls its latest breakthrough in data management with the launch of erwin Data Modeler by Quest 12.5. Boasting cutting-edge features that enhance data quality, governance, and stakeholder collaboration, erwin Data Modeler 12.5 drives organisations towards data democratisation, facilitating strategic efforts … Read more

10 passwordless authentication solutions

Passwords have long been the standard for authentication in computing systems, but they have been proven weak again and again by brute force or dictionary attacks, or their susceptibility to being compromised through increasingly sophisticated phishing campaigns. Passwordless–one of those buzzwords that leaves no doubt as to the meaning behind the term–is one of the … Read more

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Multiple vulnerabilities in CyberPower PowerPanel Enterprise DCIM platform and Dataprobe PDU could expose data centers to hacking. Researchers from Trellix Advanced Research Center discovered multiple vulnerabilities impacting CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU). An attacker could exploit them to gain unauthenticated access to these systems and … Read more

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks, exposing OT environments to hacking. Microsoft Threat Intelligence researchers discovered 16 high-severity vulnerabilities, collectively tracked as CoDe16, in the CODESYS V3 software development kit (SDK). An attacker can trigger the flaws to gain remote code execution and conduct denial-of-service attacks under specific conditions, … Read more

Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Police dismantled bulletproof hosting service provider Lolek Hosted. Python URL parsing function flaw can enable command execution … Read more

The DHS’s CSRB to review cloud security practices following the hack of Microsoft Exchange govt email accounts

The DHS’s CSRB will review cloud security practices following recent hacks of Microsoft Exchange accounts used by US govt agencies. The US DHS announced that the Cyber Safety Review Board (CSRB) will review the security measures to protect cloud computing environments following the recent compromise of Microsoft Exchange accounts used by US govt agencies. “The … Read more

Multiple data center vulnerabilities could cripple cloud services

Multiple vulnerabilities in data center infrastructure management systems/power distribution units have the potential to cripple popular cloud-based services. That’s according to new findings from the Trellix Advanced Research Center, which revealed four vulnerabilities in CyberPower’s Data Center Infrastructure Management (DCIM) platform and five vulnerabilities in Dataprobe’s iBoot Power Distribution Unit (PDU). The vulnerabilities could be … Read more
