vulnerability
SharePoint servers under attack through CVE-2019-0604
CVE-2019-0604, a critical vulnerability opening unpatched Microsoft SharePoint servers to attack, is being exploited by attackers to install a web shell. The web shell allows …
Only 14% of organizations have completed migration to Windows 10
Almost a quarter of organizations will not be ready for Microsoft to terminate public delivery of Windows 7 security updates on January 14, 2020, the official end of support …
Critical flaw allows attackers to take over Cisco Elastic Services Controllers
Cisco has patched a critical, remotely exploitable authentication bypass vulnerability in Cisco Elastic Services Controller (ESC), a popular enterprise software for managing …
Flaws in the design of IoT devices prevent them from notifying homeowners about problems
Design flaws in smart home Internet of Things (IoT) devices that allow third parties to prevent devices from sharing information have been identified by researchers at North …
Flaw in pre-installed software opens Dell computers to remote hijack
Dell computer owners should update the Dell SupportAssist software as soon as possible to close a high-risk remote code execution vulnerability. What is Dell SupportAssist? …
Attackers actively exploiting Atlassian Confluence and Oracle WebLogic flaws
Attackers are actively exploiting recently fixed vulnerabilities in Oracle WebLogic and the Widget Connector macro in Atlassian Confluence to deliver ransomware, mine …
Cybercriminals are becoming more methodical and adaptive
Cybercriminals are deviating towards a more focused approach against targets by using better obfuscation techniques and improved social engineering skills as organizations …
Qualcomm chips leak crypto data from secure execution environment
A vulnerability in Qualcomm chips could be exploited by attackers to retrieve encryption keys and sensitive information from the chipsets’ secure execution environment, …
Legacy infrastructures and unmanaged devices top security risks in the healthcare industry
The proliferation of healthcare IoT devices, along with unpartitioned networks, insufficient access controls and the reliance on legacy systems, has exposed a vulnerable …
Attackers are weaponizing more vulnerabilities than ever before
2018 had the most weaponized vulnerabilities ever (177), which represents a 139% increase compared to 2017, according to the RiskSense latest report. In addition, the rate of …
Bad security hygiene still a major risk for enterprise IT networks
Unpatched vulnerabilities, along with growing network and application complexity pose an ongoing security risk which could threaten the security of enterprise IT networks. …
Enterprise VPN apps store authentication and session cookies insecurely
CVE-2019-1573, a flaw that makes VPN applications store the authentication and/or session cookies insecurely (i.e. unencrypted) in memory and/or log files, affects a yet to be …