IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered it said the bug could be used to compromise not […]
New research connects Iranian state-sponsored hackers to attacks against critical infrastructure worldwide.
Details and exploit code for a vulnerability in Adobe Reader have surfaced and the bug can be used to break out of the Reader sandbox and execute arbitrary code. The bug was discovered earlier this year by a member of Google’s Project Zero and reported to Adobe, which made a change to Reader that made it […]
Siemens has patched two critical vulnerabilities in the WinCC application in a number of its products; the flaws are likely being exploited, ICS-CERT and Siemens said.
Adobe released an emergency out-of-band Flash Player security bulletin, revising a patch released in October with an additional CVE addressing a memory corruption vulnerability.
A number Hikvision digital video recorders contain vulnerabilities that an attacker could remotely exploit in order to gain full control of those devices.
The ICS-CERT is warning users about a stack buffer overflow in the Advantech WebAccess SCADA product that could lead to arbitrary code execution.
The latest version of WordPress, 4.0.1, patches a critical cross-site scripting vulnerability in comment fields that enables admin-level control over a website.
Most targeted attacks exploit privileged account access according to a new report commissioned by the security firm CyberArk.
Researchers have discovered a group of attackers who have published a variety of compromised WordPress themes and plug-ins on legitimate-looking sites, tricking developers into downloading and installing them on their own sites.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
