Vulnerabilities
Contrast Labs: Apache Struts CVE-2020-17530
On December 8, 2020, Apache published a security bulletin providing details for CVE-2020-17530, a forced double Object-Graph Navigation Language (OGNL) evaluation vulnerability in Apache Struts 2.0.0 to 2.5.25 that provides attackers arbitrary ...
Bugcrowd Report Shows Marked Increase in Crowdsourced Security
The impact of the novel coronavirus pandemic on how enterprises work—and secure their workers and data—will last for years. And while the long-term ramifications are yet to be known, a recent survey ...
SolarWinds Orion Supply Chain (SUNBURST) Backdoor
The post SolarWinds Orion Supply Chain (SUNBURST) Backdoor appeared first on Digital Defense, Inc ...
2 New RubyGems laced with cryptocurrency stealing malware taken down
This month, RubyGems removed 2 gems from its open source software repository that contained malicious code. These gems, tracked as sonatype-2020-1222 by us, are: ...
Fourth Record Year in a Row for Vulnerabilities
On December 15, 2020, we just hit another milestone with the number of vulnerabilities recorded in the US CERT Vulnerability Database (so far in 2020) exceeding the total count in 2019, marking ...
Signal App Crypto Cracked, Claims Cellebrite
The Signal app has been cracked—its encryption is broken. That’s the preposterous claim made by Cellebrite ...
Consumption of Public Cloud is Way Ahead of Ability to Secure It
During the 2020 COVID-19 pandemic, we've seen organizations increase their use of the cloud, partly to accommodate the increase in employees working from home, and partly as the increase they had already ...
84% of Companies Have High Risk Vulnerabilities
A recent study from Positive Technologies found that 84% of companies have high risk vulnerabilities that are accessible on the network perimeter. The results are based on their network perimeter scan of ...
Advisory for D-Link VPN Router Vulnerabilities
The post Advisory for D-Link VPN Router Vulnerabilities appeared first on Digital Defense, Inc ...
The Dangers of Security Vulnerability Scoring Dependency
Article by Nathan King, Director, Cyberis. Vulnerability scoring has an important role in most enterprise threat and vulnerability management programmes because it provides multiple benefits to internal security teams when identifying any weaknesses ...
