vulnerability
Security starts with architecture
The battle against hackers and threats is an arms race against highly motivated opponents, and with the number of attacks and threats continually growing, it’s …
Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708)
Security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel. The vulnerabilities could be …
Exchange Servers targeted via zero-day exploits, have yours been hit?
Microsoft has released out-of-band security updates for seven bugs affecting Microsoft Exchange Servers, four of which are zero-day vulnerabilities being exploited by …
Enterprises observing uptick in risky behaviors since shift to remote work
Tanium released a report to evaluate the primary IT operations and security challenges organizations have faced amid the large-scale shift to remote work in the COVID-19 era, …
Critical flaw in Rockwell PLCs allows attackers to fiddle with them (CVE-2021-22681)
A critical, easy to exploit vulnerability (CVE-2021-22681) may allow attackers to remotely connect to a number of Rockwell Automation’s programmable logic controllers …
Insights for navigating a drastically changing threat landscape
In a recent report, Trend Micro announced it detected 119,000 cyber threats per minute in 2020 as home workers and infrastructure came under new pressure from attacks. Attacks …
Massive rise in threats across expanding attack surfaces
There was a massive increase in cyber threats globally year-over-year fueled by both the pandemic and expanding attack surfaces, Skybox Security reveals. Expanding attack …
ICS threat landscape highlights
Dragos releases annual analysis of ICS/OT focused cyber threats, vulnerabilities, assessments, and incident response insights. “In 2020, the industrial community performed …
Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!
The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly …
Attackers disrupting COVID-19 efforts and critical supply chains
Cyberattacks evolved in 2020 as threat actors sought to profit from the unprecedented socioeconomic, business and political challenges brought on by the COVID-19 pandemic, IBM …
CNAME-based tracking increasingly used to bypass browsers’ anti-tracking defenses
As browser-makers move to defang third-party (tracking) cookies, marketers are increasingly switching to alternative tracking techniques. One of these is CNAME cloaking, which …
U.S. municipalities are the perfect target for cybercriminals in 2021
On Feb 5th, 2021, a hacker gained remote access to a water treatment plant in Oldsmar, Florida, and was able to adjust the amount of sodium hydroxide in the water from 100 …