live casino online

Vulnerabilities expose enterprises¡¯ systems to compromise. Now that many employees are working from home and operating devices outside the more secure office environments, the need to patch vulnerabilities as soon as they are discovered has become even more pressing.

Aside from , the following vendors also released patches recently: Adobe, Citrix, Intel, and vBulletin. We rounded up these recently disclosed vulnerabilities as we advise organizations to check right away if any of the software they use is affected by these.

Adobe vulnerabilities

In of fixes for vulnerabilities, Adobe resolved 26 vulnerabilities found in some of their products such as Adobe Acrobat and Adobe Reader. ?From the total, 11 are deemed as Critical. Two of them, namely and , are that allow arbitrary code execution. The complete details of the vulnerabilities are yet to be disclosed.

The vulnerabilities have been reported to Adobe by various researchers. Abdul-Aziz Hariri of live casino online Zero Day Initiative (ZDI) was able to discover and inform the company about the aforementioned CVE-2020-9712 and four other vulnerabilities rated as Important (, , , ).

Citrix vulnerabilities

Citrix posted a where they announced the discovery of five vulnerabilities in some versions of?Citrix Endpoint Management (CEM),?also known as?XenMobile. Two of the vulnerabilities, and , have a Critical severity level.

While very little information has been shared about the other four vulnerabilities, it was revealed that CVE-2020-8209 is a that results from insufficient input validation. Such vulnerabilities allow attackers to read arbitrary files on servers. According to

Andrew Menov, the expert who discovered this vulnerability, stated that threat actors can exploit it by crafting a URL and spreading it to unsuspecting users. If the users follow this URL, the attackers would then be able to access files including configuration files and encryption keys outside the web server root directory.?

Further details are yet to be shared about the other vulnerabilities.

Intel vulnerabilities

Intel recently for 22 vulnerabilities with severity ratings ranging from Low to Critical. The critical vulnerability affects Intel Server Boards, Server Systems, and Compute Modules before version 1.59. It allows unauthorized users to bypass authentication and escalate privilege via adjacent access.

Dmytro Oleksiuk, an information security researcher and developer who discovered the flaw, revealed to that it exists in the firmware of Emulex Pilot 3. Used by motherboards, Emulex Pilot 3 helps keep server components together in a single system.

vBulletin vulnerability

Thought to have been fixed through a previous patch, a vulnerability found last year on vBulletin, an internet forum software, apparently remains exploitable as attested by published by Amir Etemadieh (also known as Zenofex), a security researcher. The vulnerability in question is , a flaw that affects vBulletin versions 5.x through 5.5.4 and allows remote code execution (RCE) via the widgetConfig[code] parameter. Threat actors can use a specially crafted POST request to launch attacks.

While a patch has long been released, the research has unveiled that attackers can still exploit the vulnerability and showed proofs of concept in Bash, Python, and Ruby. Etemadieh cited the vBulletin template system structure and how it uses PHP as the key issue for the patch. No official new patch has been released yet, although the researcher has shared a temporary workaround that administrators can apply by disabling HP, Static HTML, and Ad Module rendering in the vBulletin administrator control panel.

Protecting systems from vulnerability exploitation

Cybercriminals who aim to exploit vulnerabilities and security researchers who strive to uncover and patch these flaws are in a constant race to outpace each other. Compromised systems, after all, can mean significant financial and operational losses. Security teams of enterprises can ensure that their organizations remain protected from vulnerabilities through the following:

• Patch systems immediately. Keep posted on security bulletins of the different software used by the company and apply patches as soon as they are available.
• Regularly update software, firmware, and applications. Install the newest versions as they contain the newest fixes.
• Deploy security solutions. A multilayered security approach can help, especially in cases where patches aren¡¯t immediately available.

The following live casino online solutions help bolster protection against vulnerability exploits:

• TippingPoint^? Next-Generation Intrusion Prevention System (NGIPS) ¨C employs virtual patching and uses threat intelligence from sources such as Digital Vaccine Labs (DVLabs) and ZDI for maximum threat coverage.
• ¨C uses to defend systems from threats that target vulnerabilities. It offers network security, system security, and malware prevention.
• The live casino online? Deep Discovery? Inspector?¨C detects malicious traffic, including command and control (C&C) communications, which can be a sign of a breach. Suspicious supervisory control and data acquisition (SCADA) traffic can be identified as well.
• live casino online? Apex One? ¨C performs virtual patching through its Vulnerability Protection?, offering protection before a patch is made available.
• TippingPoint^? Advanced Threat Protection ¨C provides expert real-time protection from targeted attacks, advanced threats, and ransomware.

live casino online Deep Security?and?Vulnerability Protection?protect users from the vBulletin vulnerability via the following updated rule:

• 1010366 - vBulletin 'widgetConfig' Unauthenticated Remote Code Execution Vulnerability (CVE-2019-16759)

We will update this page once rules for the newly disclosed vulnerabilities are available.