Top Travel Sites Have Some First-Class Security Issues to Clean Up
Public-facing vulnerabilities, cloud sprawl, access to back-end servers are just a few of the challenges travel and hospitality companies must address.
Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.
Search across headline titles and summaries.
Background for this topic.
A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.
Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.
Public-facing vulnerabilities, cloud sprawl, access to back-end servers are just a few of the challenges travel and hospitality companies must address.
The vulnerability carries nearly the highest score possible on the CVSS scale, at 9.8, impacting a system used by major companies around the world.
Telecom-based attacks such as SMS toll fraud and 2FA hijacking have evolved into a mainstream concern for CISOs.
The most popular office software suite in China actually has two critical vulnerabilities, which allowed hackers the opportunity for remote code execution. Time to patch.
CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware.
The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.
LLM automation tools and vector databases can be rife with sensitive data — and vulnerable to pilfering.
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.
So far, the threat actor has compromised at least five organizations using CVE-2024-39717; CISA has added bug to its Known Exploited Vulnerability database.