Increased collaborative efforts within the industry and increased security vendor partnerships are designed to help organizations better manage the continuous stream of vulnerabilities.
Like the speeds of sound and light, everything has its limits. Have enterprise vulnerability management efforts hit their limit of effectiveness? Perhaps.
Ongoing intrusions exploiting a pair of old remote code execution flaws in the widely used open-source web app framework ThinkPHP, tracked as CVE-2018-20062 and CVE-2019-9082, have been conducted by Chinese hackers since April, following a similar attack campaign launched in October, according to SecurityWeek.
Fixes have been issued by Taiwanese networking device manufacturer Zyxel to address five security vulnerabilities impacting its NAS326 and NAS542 network-attached storage devices that have not been supported since the end of 2023, including three critical flaws that could be exploited to facilitate remote code execution and command injection attacks, according to The Register.