vulnerability
Majority of 2019 breaches were the result of unapplied security patches
Despite a 24% average increase in annual spending on prevention, detection and remediation in 2019 compared with 2018, patching is delayed an average of 12 days due to data …
PHP RCE flaw actively exploited to pop NGINX servers
A recently patched vulnerability (CVE-2019-11043) in PHP is being actively exploited by attackers to compromise NGINX web servers, threat intelligence firm Bad Packets has …
IaaS cloud vulnerabilities expected to increase 50% over 2018 figures
Although the total number of IaaS cloud vulnerabilities is still small and the technology relatively young, volumes are increasing year-over-year at a steady rate, an expected …
Chance that flaws will ever be dealt with diminishes the longer they stick around
More than half of all security findings (56%) are fixed, but a focus on fixing new findings while neglecting aging flaws leads to increasing security debt, according to …
As car manufacturers focus on connectivity, hackers begin to exploit flaws
Car manufacturers offer more software features to consumers than ever before, and increasingly popular autonomous vehicles that require integrated software introduce security …
Researcher releases PoC rooting app that exploits recent Android zero-day
Late last month Google Project Zero researcher Maddie Stone detailed a zero-day Android privilege escalation vulnerability (CVE-2019-2215) and revealed that it is actively …
Cisco fixes serious flaws in enterprise-grade Catalyst and Aironet access points
Cisco has released another batch of security updates, the most critical of which fixes a vulnerability that could allow unauthenticated, remote attackers to gain access to …
Microsoft NTLM vulnerabilities could lead to full domain compromise
Preempt researchers have discovered two vulnerabilities that may allow attackers to bypass a number of protections and mitigations against NTLM relay attacks and, in some …
Critical command execution vulnerability in iTerm2 patched, upgrade ASAP!
A critical vulnerability (CVE-2019-9535) in iTerm2, a macOS terminal emulator frequently used by developers and system administrators, could allow attackers to take control of …
Cybercrime is maturing, shifting its focus to larger and more profitable targets
Cybercrime is continuing to mature and becoming more and more bold, shifting its focus to larger and more profitable targets as well as new technologies. Data is the key …
October 2019 Patch Tuesday: A small batch of updates from Microsoft, none from Adobe
As predicted by Ivanti’s Chris Goettl, October 2019 Patch Tuesday came with a relatively small number of Microsoft updates and, curiously enough, with no security …
Cisco closes high-impact vulnerabilities in its security offerings
Cisco has fixed 18 high-impact vulnerabilities affecting several of its security offerings and is advising administrators to test and implement the offered security updates as …
Featured news
Resources
Don't miss
- Deploying AI at the edge: The security trade-offs and how to manage them
- Cybercrime forums Cracked and Nulled seized, operators arrested
- SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs
- Zscaler CISO on balancing security and user convenience in hybrid work environments
- ExtensionHound: Open-source tool for Chrome extension DNS forensics