Quantifying cyber exposure: Attackers are racing ahead
Cybercriminals have a median seven-day window of opportunity during which they can exploit a vulnerability to attack their victims, potentially siphoning sensitive data, …
New Drupal RCE vulnerability under active exploitation, patch ASAP!
Yet another Drupal remote code execution vulnerability has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is …
Hackers leverage flaw in Cisco switches to hit Russian, Iranian networks
The proof-of-concept exploit code for a vulnerability affecting many Cisco switches has been leveraged by vigilante hackers to mess with networks and data-centers in Russia …
Privilege escalation on Unix machines via plugins for text editors
Several of the most popular extensible text editors for Unix environments could be misused by attackers to escalate privileges on targeted systems, SafeBreach researchers have …
Microsoft kicks off bounty program for speculative execution bugs
Microsoft wants security researchers to search for and report speculative execution side channel vulnerabilities (a hardware vulnerability class that affects CPUs from …
Dangerous CredSSP flaw opens door into corporate servers
A critical vulnerability in the Credential Security Support Provider protocol (CredSSP), introduced in Windows Vista and used in all Windows versions since then, can be …
Robots hijacked by ransomware may soon become a reality
How soon will we see our home, office or industrial robots being hijacked and held ransom by attackers? If they dedicate their efforts to research, that day may come sooner …
Vulnerable Apache Solr, Redis, Windows servers hit with cryptominers
Vulnerable servers of all kinds are being targeted, compromised and made to mine cryptocurrencies for the attackers. Apache Solr servers under attack SANS ISC handler Renato …
IoT botnet bypasses firewalls to get to ZyXEL modems
NewSky Security’s honeypots have detected a new IoT botnet in the making. The botnet was named DoubleDoor, as it leverages two distinct backdoors to get to the target: …
Server-side exploits dominate the threat landscape
Skybox Security released its inaugural Vulnerability and Threat Trends Report, which analyzes vulnerabilities, exploits and threats in play in 2017. Cybercrime is a …
About the Flash zero-day currently exploited in the wild
The zero-day Flash Player vulnerability (CVE-2018-4878) that Adobe warned about on Thursday was leveraged by North Korean hackers. FireEye calls the group TEMP.Reaper and …
AutoSploit: Automated mass exploitation of remote hosts using Shodan and Metasploit
A “cyber security enthusiast” that goes by VectorSEC on Twitter has published AutoSploit, a Python-based tool that takes advantage of Shodan and Metasploit modules …
Featured news
Resources
Don't miss
- CISA: Use Signal or other secure communications app
- Another NetWalker affiliate sentenced to 20 years in prison
- Why cybersecurity is critical to energy modernization
- Cryptocurrency hackers stole $2.2 billion from platforms in 2024
- CISA orders federal agencies to secure their Microsoft cloud environments