Siemens PXC4.E16 Building Automation System on graphic background.

Nozomi Networks Discovers Vulnerability in Siemens Building Automation Software

Recently, we had the opportunity to do a security analysis of the Siemens PXC4.E16, a Building Automation System (BAS) of the Desigo/APOGEE family for HVAC and building service plants. In this blog, ...
placeholder-1400x933px

Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk

Nozomi Networks Labs discovered a vulnerability (tracked under CVE-2022-05-02, ICS-VU-638779, VU#473698) affecting the Domain Name System (DNS) implementation of all versions of uClibc and uClibc-ng, a popular C standard library in IoT ...

Vulnerability Roundup – April 2022

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website ...

Critical RCE Vulnerability in Elementor WordPress Plugin

Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 Vulnerability: Remote code execution (RCE) Patched Version: 3.6.3 On April 12th, an important security update was released for the Elementor plugin patching a ...

Critical RCE Vulnerability in Elementor WordPress Plugin

Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 Vulnerability: Remote code execution (RCE) Patched Version: 3.6.3 On April 12th, an important security update was released for the Elementor plugin patching a ...
Assura Announces Discovery of Two Vulnerabilities in Quicklert for Digium Switchvox

Assura Announces Discovery of Two Vulnerabilities in Quicklert for Digium Switchvox

TL;DR Today Assura is announcing the discovery of two new vulnerabilities in Quicklert for Digium Switchvox. Late in 2021, Assura’s Offensive Security Operations team conducted a penetration test that uncovered... The post ...
Adobe Patches Critical RCE Vulnerability in Magento2

Adobe Patches Critical RCE Vulnerability in Magento2

On Sunday, February 13th, Adobe pushed an emergency update to their Magento2 ecommerce software patching a critical unauthenticated remote code execution vulnerability. It is marked as CVE-2022-24086 with a CVSS score of ...
OMI security vulnerability data breach

Vulnerability Disclosures Rise to Meet Federal Requirements

For all its other security milestones, 2021 was the year that vulnerability disclosures began to get their due, taking on greater importance across all sectors, but particularly in government where valid submissions ...
Security Boulevard
Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites

Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites

Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 / 7.7 Vulnerability: Privilege Escalation, SQL Injection Patched Version: 4.1.5.3 Last week, security researcher at Automattic Marc Montpas recently discovered two severe security ...
Log4j Vulnerability: The Perfect Holiday Present that Nobody Wants

Log4j Vulnerability: The Perfect Holiday Present that Nobody Wants

A critical server security vulnerability in the Java logging library Log4j is taking the internet by storm because code to actively exploit this vulnerability is already widely distributed across the web. Originally ...

API Poll

Step 1 of 5

Do you have an API security project in 2022?