vulnerability
DevSecOps is emerging as the main methodology for securing cloud-native applications
Only 8 percent of companies are securing 75 percent or more of their cloud-native applications with DevSecOps practices today, with that number jumping to 68 percent of …
Employees are mistakenly confident that they can spot phishing emails
While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an …
vBulletin zero-day exploited in the wild in wake of exploit release
An anonymous bug hunter has released a working and elegantly simple exploit for a pre-authentication remote code execution flaw (CVE-2019-16759) affecting vBulletin and it …
Older vulnerabilities and those with lower severity scores still being exploited by ransomware
Almost 65% of top vulnerabilities used in enterprise ransomware attacks targeted high-value assets like servers, close to 55% had CVSS v2 scores lower than 8, nearly 35% were …
Disclosing vulnerabilities to improve software security is good for everyone
Today, software companies and security researchers are near universal in their belief that disclosing vulnerabilities to improve software security is good for everyone, …
A bug made some Windows Defender antivirus scans fail
Microsoft has released a fix for a bug that made its Windows Defender Antivirus fail after a few seconds when users opted for a Quick or Full scan of the system. Users are …
Researchers uncover 125 vulnerabilities across 13 routers and NAS devices
In a cybersecurity study of network attached storage (NAS) systems and routers, Independent Security Evaluators (ISE) found 125 vulnerabilities in 13 IoT devices, reaffirming …
Simjacker vulnerability actively exploited to track, spy on mobile phone owners
Following extensive research, AdaptiveMobile Security has uncovered a new and previously undetected vulnerability. This vulnerability is currently being exploited and is being …
September 2019 Patch Tuesday: Microsoft plugs two actively exploited zero-days
For the September 2019 Patch Tuesday, Microsoft delivered fixes for 80 CVE-numbered security issues (including to actively exploited zero-days), Adobe fixed flaws in Flash …
Critical Exim flaw opens servers to remote code execution, patch now!
The Exim mail transfer agent (MTA) is impacted by a critical vulnerability that may allow local or unauthenticated remote attackers to execute programs with root privileges on …
Critical vulnerabilities uncovered in Danfoss SCADA product, patch now!
Risk Based Security uncovered multiple vulnerabilities in the AK-EM 800 product from SCADA vendor Danfoss. The discovered vulnerabilities Researchers found two critical …
Security hole opens a billion Android users to advanced SMS phishing attacks
Check Point Research has revealed a security flaw in Samsung, Huawei, LG, Sony and other Android-based phones that leaves users vulnerable to advanced phishing attacks. The …