Vulnerabilities found in Dell Wyse thin clients could enable access to arbitrary files
In the U.S. alone, some 6,000 companies and organizations run Dell Wyse thin clients inside their networks, many of which are health care providers.
About SC Media
Vulnerability Management
FireEye hacked, red team tools stolen
The threat intelligence giant said it suspects an unnamed nation state hacking group was behind the effort.
Amnesia-33 vulnerabilities affect 158 vendors, millions of devices
Manufacturers affected by the 33 vulnerabilities in open-source TCP/IP stacks often buried deep in the supply chain may not immediately know their devices are at risk.
Google discovers exploit devised to steal iPhone data remotely, without user interaction
It’s rare to find a single vulnerability that doesn’t need to be chained with other bugs in order to take over a device.
Attackers can abuse a misconfigured IAM role across 16 Amazon services
Researchers at Palo Alto’s Unit 42 have confirmed that they have compromised a customer’s AWS cloud account with thousands of workloads.
‘Bad move, plain and simple’: Microsoft’s new bug reporting format draws criticism
While a well-informed security professional might look at a bug entry in Microsoft’s revised approach and quickly understand how the standard-based table translates to overall risk assessment, not everyone in an organization is equipped to do so.
Microsoft pushes 112 patches, which may cause management tools to buckle under pressure
Said one security expert, many organizations are likely to encounter VPN failures or downtime from legacy on-premises patch management tools buckling under the pressure.
Patch takeover: App developers, like WordPress, left to weigh backlash of forced security updates
In an uncommon move, WordPress developers earlier this month automatically pushed an important security update for the popular Loginizer plug-in to roughly 1 million people, which caught some unsuspecting users off-guard in the process.
For Biden or business CISOs, Fake hack-and-leak operations are tough to battle
Alleged leaks connecting Democratic presidential candidate Joe Biden to his son’s correspondences in Ukraine immediately raised alarm bells to forensic analysts, and offer an interesting case study for why security teams struggle to validate company files as legitimate.
New report suggests the bug bounty business is recession-proof
Organizations during the ongoing COVID-19 crisis and global recession may find themselves relying more on external assistance from the greater hacking community as a way to augment their internal efforts to mitigate vulnerability risk.
Next post in Vulnerabilities
