vulnerability

PoC RCE exploit for SMBGhost Windows flaw released
A security researcher has published a PoC RCE exploit for SMBGhost (CVE-2020-0796), a wormable flaw that affects SMBv3 on Windows 10 and some Windows Server versions. The PoC …

Attackers tried to grab WordPress configuration files from over a million sites
A threat actor that attempted to insert a backdoor into nearly a million WordPress-based sites in early May (and continued to try throughout the month) tried to grab …

Despite investing in DevOps tools and practices, teams still encounter customer-impacting errors
An overwhelming majority of organizations prioritize software quality over speed, yet still experience customer-impacting issues regularly, according to OverOps. The report, …

Cisco plugs bucketful of security holes in industrial routers, switches
Cisco has fixed more than two dozen critical and high-severity security vulnerabilities affecting operating systems running on the company’s carrier-grade and industrial …

VMware Cloud Director vulnerability enables a full cloud infrastructure takeover
A code injection vulnerability (CVE-2020-3956) affecting VMware vCloud Director could be exploited to take over the infrastructure of cloud services, Citadelo researchers have …

Hackers breached six Cisco servers through SaltStack Salt vulnerabilities
Earlier this month, when F-Secure publicly revealed the existence of two vulnerabilities affecting SaltStack Salt and attackers started actively exploiting them, Cisco was …

NSA warns about Sandworm APT exploiting Exim flaw
The Russian APT group Sandworm has been exploiting a critical Exim flaw (CVE-2019-10149) to compromise mail servers since August 2019, the NSA has warned in a security …

Despite lower number of vulnerability disclosures, security teams have their work cut out for them
The number of vulnerabilities disclosed in Q1 2020 has decreased by 19.8% compared to Q1 2019, making this likely the only true dip observed within the last 10 years, Risk …

StrandHogg 2.0: Critical Android flaw allows app hijacking, data theft
Google has released a patch for CVE-2020-0096, a critical escalation of privilege vulnerability in Android that allows attackers to hijack apps (tasks) on the victim’s …

Computer science student discovers privacy flaws in security and doorbell cameras
Ring, Nest, SimpliSafe and eight other manufacturers of internet-connected doorbell and security cameras have been alerted to systemic design flaws discovered by Florida Tech …

C-suite execs often pressure IT teams to make security exceptions for them
The C-suite is the most likely group within an organization to ask for relaxed mobile security protocols (74%) – despite also being highly targeted by malicious cyberattacks, …

Application threats and security trends you need to know about
Applications are a gateway to valuable data, so it’s no wonder they are one of attackers’ preferred targets. And since modern applications aren’t a …