vulnerability
Cisco patches critical, wormable RCE flaw in Cisco Jabber
Cisco has patched four vulnerabilities in its Jabber client for Windows, the most critical of which (CVE-2020-3495) could allow attackers to achieve remote code execution by …
Most security leaders feel their programs are mature, but data reveals otherwise
84% of security and IT leaders feel their enterprise programs are mature, but a deeper dive reveals a major disconnect between perception and reality, Vulcan Cyber reveals. …
Vulnerability reporting is returning to normal
Vulnerability reporting, still impacted by COVID-19, is beginning to return to normal, Risk Based Security reveals. Out of 11,121 vulnerabilities aggregated during the first …
The global cost of cybercrime per minute to reach $11.4 million by 2021
Cybercrime costs organizations $24.7, YOY increase of more than $2 every minute, a RiskIQ report reveals. It will also have a per-minute global cost of $11.4 million by 2021, …
Researchers aim to improve code patching in embedded systems
Three Purdue University researchers and their teammates at the University of California, Santa Barbara and Swiss Federal Institute of Technology Lausanne have received a DARPA …
ATM makers fix flaws allowing illegal cash withdrawals
ATM manufacturers Diebold Nixdorf and NCR have fixed a number of software vulnerabilities that allowed attackers to execute arbitrary code with or without SYSTEM privileges, …
Disrupting a power grid with cheap equipment hidden in a coffee cup
Cyber-physical systems security researchers at the University of California, Irvine can disrupt the functioning of a power grid using about $50 worth of equipment tucked …
Most ICS vulnerabilities disclosed this year can be exploited remotely
More than 70% of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and …
Potential Apache Struts 2 RCE flaw fixed, PoCs released
Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability …
Surge in cyber attacks targeting open source software projects
There has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found. Rise of next-gen …
Organizations knowingly ship vulnerable code despite using AppSec tools
Nearly half of organizations regularly and knowingly ship vulnerable code despite using AppSec tools, according to Veracode. Among the top reasons cited for pushing vulnerable …
Expanding attack surfaces leave security teams stretched thin
30% of businesses globally have seen an increase in attacks on their IT systems as a result of the pandemic, HackerOne reveals. This is according to C-Level IT and security …
Featured news
Resources
Don't miss
- Hawk Eye: Open-source scanner uncovers secrets and PII across platforms
- The Zoom attack you didn’t see coming
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
- The UK’s phone theft crisis is a wake-up call for digital security
- Securing digital products under the Cyber Resilience Act