Drupal Arbitrary PHP Code Execution VulnerabilityOn November 16th, 2020, several file manipulation vulnerabilities within the PEAR Archive_Tar library were disclosed, given CVE-2020-28948 and CVE-2020-28949. This PEAR library is used by Drupal, although these vulnerabilities impact any platform that utilizes PEAR in their code. If Drupal is configured to allow file uploads and the processing of...

Network vulnerabilities constantly evolve, resulting in the loss of valuable information and revenue from businesses. Though threat actors can find new weaknesses every day, some of their methods remain the same. Hackers have tried-and-true methods for infiltrating a seemingly secure network, and they employ various tricks, devices, and information to get the job done.Small businesses often do not...

It's not easy to keep up with threats to your tech systems, services, and applications. With new vulnerabilities appearing on a daily basis, you need a solution that regularly assesses your security operations. This is where managed vulnerability scanning comes into play.Fortra's managed vulnerability scanning service combines modern vulnerability assessment and scanning tools with experienced...

Still writing queries in SQL? Sure, it’s a powerful way to access IBM i data. But is it enough?

Hackers will take advantage of any weakness in your cybersecurity systems, especially the most vulnerable parts of your IT infrastructure -- web applications.By design, web applications are publicly accessible on the internet at all times, giving hackers near unlimited access to breach unprotected web servers without being on premises. Fortunately, you can prevent this with a reliable website...

Penetration testing and vulnerability scanning can be commonly confused as the same type of security testing service. However, issues arise when business owners purchase one type of security scan when they actually need another kind. It may help to understand the differences between the two main types of security testing: penetration testing and vulnerability scanning. Vulnerability scanning and...

cPanel & WHM VulnerabilityDigital Defense, Inc. is disclosing a vulnerability identified in cPanel & WHM discovered by our Vulnerability Research Team (VRT). The engineers at cPanel & WHM are to be commended for their prompt response to the identified flaw and their team’s work with VRT to provide prompt fixes for this cyber security issue.cPanel & WHM has provided a patch for the vulnerability...

Proactively monitoring your network is the best way to prevent costly network outages and unexpected downtime.

MSP Vulnerability ScannerOur MSP vulnerability scanner will deliver website scanning and network vulnerability assessment services to your customers using our easy to use MSP platform. Our focus: high accuracy, easy management, low cost and integration with your existing systems. With our SaaS platform, automation simplifies the scanning process with deployment that includes a range of servers,...

It takes a great deal of time and effort to build an effective cyber security infrastructure. With the threat of malicious attacks increasing every day, businesses and organizations must ensure that their systems are free of any risk or other vulnerabilities that could harm the company. Threat and vulnerability management programs involve honing in on security risks with vulnerability assessments...

Behind every successful organization, within any industry, is an IT system. Everyone in the workforce, from top to bottom, utilizes this system's assets on a daily basis. Think about it. Making quick internet searches, emailing potential clients, and storing data in the cloud, to give you an example, can't be done without an IT device. However, everything comes with a price. Organizations that...

ESXi OpenSLP Remote Code Execution (RCE) Vulnerability On October 20th, VMWare disclosed the presence of an RCE vulnerability with the OpenSLP within ESXi. Exposure of the vulnerability is through TCP port 427 and yields a CVSSv3 score of 9.8. The vulnerability is referenced by CVE-2020-3992 and was provided a patch by VMWare on the same day as disclosure. Products affected are ESXi, Workstation...

Most companies spend significant time and energy protecting sensitive data from hackers by investing in the latest firewalls, anti-virus software, and access control management solutions. However, all this effort is useless without considering the human factor.Social engineering is the most powerful tool in a hacker's arsenal and can help them gain access quickly, quietly, and easily into your...

The threat landscape can be a frightening scene when you look at the malicious attacks and ransomware infiltrating organizations around the globe. The good news: Endpoint antivirus applications are making enormous strides in their ability to protect enterprise-level equipment and data from attack. The bad news: Many companies overlook the need to secure non-Windows infrastructure and focus their...

IBM i expert Chuck Stupca and Chuck Losinski presented an engaging webinar about the unique characteristics of IASPs and how application data can be seamlessly migrated to optimize system processes.

A foundational component of any security program is ensuring that the organization has a clear understanding of where risk resides. One of the most effective ways to understand infrastructure weaknesses and test your defenses is with a penetration test (aka: ethical hacking) assessment.The growing number of malware and ransomware attacks is a key indicator of the severity of risk for organizations...