Microsoft has released an unscheduled security update to address two security vulnerabilities in its products. One of the flaws, tracked as CVE-2019-1367, is a zero-day remote code execution (RCE) vulnerability in Internet Explorer that is being actively exploited by threat actors. Microsoft warns that “if the current user is logged

70% of small to mid-sized businesses (SMBs) believe that losses from a successful cyberattack on their firm would not exceed $25,000, while over half think total damages would remain under $10,000, a new AppRiver survey shows. This implies that small business owners are grossly underestimating the amount of money they

Security researchers with Trustwave have discovered that certain DSL modems and Wi-Fi routers produced by D-Link and Comba expose user passwords to the Internet as the result of various firmware vulnerabilities. D-Link devices are affected by two firmware bugs, one of which makes it possible to view a file containing

In March of this year, a cyber incident affected firewalls at multiple power generation sites across the US. According to a recent report by the North American Electric Reliability Corporation (NERC), the attack was less serious than initially thought, and did not significantly impact electricity supply. The attackers exploited “a

Almost one in three (32%) small to mid-sized businesses (SMBs) were affected by a security breach in the last five years, and at least 10% experienced a breach in the past year, a new Kaseya survey indicates. The report reveals major shortcomings in terms of patch management, with just 42%

A critical vulnerability in Exim software, which is used by 57% of all email servers worldwide, can enable attackers to run malicious code on impacted servers with administrative (root) privileges, the Exim team warned last Friday. The company has released a patch to address the issue. The flaw affects servers

As part of its monthly roll out of patches for the Android platform, Google this week released fixes for 50 security flaws, including two critical flaws that could enable attackers to remotely execute malicious code on vulnerable devices. One of the critical vulnerabilities, tracked as CVE-2019-2176, affects Android 8.0, 8.1

Security researchers with Eclypsium have discovered that more than 47,000 servers and other machines relying on Supermicro motherboards are at risk of attacks due to a number of security flaws collectively referred to as USBAnywhere. The vulnerabilities impact the baseboard management controller (BMC) firmware of Supermicro motherboards that is designed

Threat actors are adding backdoor admin accounts to compromised WordPress websites as part of an ongoing campaign targeting over 10 vulnerable plugins for the highly popular content management system, a security researcher with Defiant has discovered. The campaign was first spotted last month. At first, the attackers were injecting WordPress

Various Cisco routers are vulnerable to remote takeover by hackers due to a security flaw that has been given the maximum severity score on the CvSS scale (10 out of 10). Cisco has released a patch for the bug and warns that it could be exploited by sending a simple