Oracle released an emergency fix for a highly critical vulnerability found in its widely used enterprise identity management system that allows an attacker to access enterprise software remotely without authentication.
Adobe has released an emergency security update addressing a zero-day vulnerability (CVE-2017-11292) that researchers found actively exploited by a group of threat actors known as BlackOasis.
Siemens recently issued an update that addresses a vulnerability found in one of their measuring devices that could potentially allow an attacker to bypass built-in authentication measures and take control of the machine.
Apple just released a supplemental update for the recently launched macOS High Sierra 10.13 operating system to fix various bugs, including a potential vulnerability that leaks a user’s password.
Standard maintenance policies leave machinery vulnerable to attack. Both hardware and software are vulnerable when normal operations and security protocols are paused or switched to another mode so that updates or fixes can be applied.
A critical Remote Code Execution (RCE) vulnerability was recently discovered in Apache Struts 2, and it has the potential to be more damaging than its predecessors, including even the notorious POODLE.