vulnerability
New side-channel attacks allow access to sensitive data on Intel CPUs
An international team of security researchers is presenting new side-channel attacks (CVE-2020-8694 and CVE-2020-8695), which use fluctuations in software power consumption to …
End-to-end encrypted communication mitigates enterprise security risk and ensures compliance
It is a mathematical certainty that data is more protected by communication products that provide end-to-end encryption (E2EE). Yet, many CISOs are required to prioritize …
Quantum computers: How to prepare for this great threat to information security
The race is on to build the world’s first reliable and truly useful quantum computer, and the finish line is closer than you might think – we might even reach it this …
Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)
A critical vulnerability (CVE-2020-27955) in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code …
Google fixes two actively exploited Chrome zero-days (CVE-2020-16009, CVE-2020-16010)
For the third time in two weeks, Google has patched Chrome zero-day vulnerabilities that are being actively exploited in the wild: CVE-2020-16009 is present in the desktop …
Google discloses actively exploited Windows zero-day (CVE-2020-17087)
Google researchers have made public a Windows kernel zero day vulnerability (CVE-2020-17087) that is being exploited in the wild in tandem with a Google Chrome flaw …
Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)
A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle …
Most companies have high-risk vulnerabilities on their network perimeter
Positive Technologies performed instrumental scanning of the network perimeter of selected corporate information systems. A total of 3,514 hosts were scanned, including …
How important are vulnerability management investments for a cybersecurity posture?
Vulnerability management (VM) technology addresses the threat landscape, which is in a constant state of flux. The wider dispersal of endpoints across private and public cloud …
Organizations struggle to obtain quality threat data to guide key security decisions
Organizations are often forced to make critical security decisions based on threat data that is not accurate, relevant and fresh, a Neustar report reveals. Just 60% of …
Exploring the prolific threats influencing the cyber landscape
Some of the world’s most skilled nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-sourced tools, actively exploiting …
Safari, other mobile browsers affected by address bar spoofing flaws
Security researcher Rafay Baloch has discovered address bar spoofing vulnerabilities in several mobile browsers, which could allow attackers to trick users into sharing …
Featured news
Resources
Don't miss
- Hawk Eye: Open-source scanner uncovers secrets and PII across platforms
- The Zoom attack you didn’t see coming
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
- The UK’s phone theft crisis is a wake-up call for digital security
- Securing digital products under the Cyber Resilience Act