Research finds 2019 increase in breaches and cybersecurity spending
Cyberattack volume rose by 17% in the past year, while the severity of attacks jumped by 30%, a new report by ServiceNow and Ponemon shows. In response to these trends, companies have increased the cybersecurity budgets by 24%. One major pain point is vulnerability management, with companies needing 12 days
Major vulnerability patched in the EU’s eIDAS authentication system
The European Union’s electronic IDentification, Authentication and trust Services (eIDAS) system that is used by EU member states, citizens and companies to manage electronic transactions and signatures, contained two major security vulnerabilities that could have allowed threat actors to impersonate EU citizens or firms in transactions. The flaws, which were
Nasty PHP7 remote code execution bug exploited in the wild
Threat actors have begun exploiting a recently fixed remote code execution (RCE) vulnerability in PHP 7 in order to compromise vulnerable servers, researchers with Bad Packets are warning. The flaw, tracked as CVE-2019-11043, is very easy to exploit using proof-of-concept exploit code that was recently published on GitHub. In order
Linux SUDO Bug Lets You Run Commands as Root, Most Installs Unaffected
A researcher with Apple has found a security flaw in one of the most important Linux commands, namely the sudo command that is designed to let users execute commands “as root,” i.e. with system privileges. The vulnerability can allow users to run certain commands as root even if they are
Microsoft and NIST Team Up on Patching Guide
Microsoft and the US National Institute of Standards and Technology (NIST) have joined forces in order to create a new guide to help enterprises streamline to challenging patch management process. The initiative follows close cooperation from Microsoft with other US partners, including the Center for Internet Security, the Department of
Flaw in iTunes for Windows Abused for Ransomware Attacks
Security researchers with Morphisec are warning the BitPaymer ransomware actors have been exploiting a security flaw in the Bonjour updater for the Windows version of Apple iTunes in order to avoid detection by anti-malware solutions on targeted systems. Bonjour contains an “unquoted path vulnerability,” that can enable threat actors to
iTerm2 Patches Critical Vulnerability Active for 7 Years
For the last seven years, iTerm2, the most used terminal emulator for macOS, contained a critical flaw that could have enabled threat actors to run arbitrary code on vulnerable systems in various ways. This is especially worrisome considering the fact that the application’s user base consists in large part of
Microsoft Issues 9 Critical Security Patches
As part of this month’s patch Tuesday bulletin, Microsoft has released fixes for 59 security flaws, including 9 critical vulnerabilities. So far the tech giant hasn’t found evidence that any of the patched issues are being exploited in the wild. However, Microsoft warns that one remote code execution (RCE) flaw
Google October Android Security Update Fixes Critical RCE Flaws
Google has released patches for 28 security vulnerabilities, 11 of which where critical flaws, affecting the Android operating system. Three of the critical bugs are remote code execution (RCE) flaws that could be exploited by attackers to run arbitrary code on vulnerable devices. The RCE vulnerabilities, tracked as CVE-2019-2184, CVE-2019-2185
US And UK Governments Issue Update Now Warning For Windows, macOS And Linux Users
The US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) that falls under the US Department of Homeland Security (DHS) and the UK National Cyber Security Centre (NCSC) are all warning that Windows, macOS And Linux Users relying on certain Virtual Private Network (VPN) applications are at