Cyberattack volume rose by 17% in the past year, while the severity of attacks jumped by 30%, a new report by ServiceNow and Ponemon shows. In response to these trends, companies have increased the cybersecurity budgets by 24%. One major pain point is vulnerability management, with companies needing 12 days

The European Union’s electronic IDentification, Authentication and trust Services (eIDAS) system that is used by EU member states, citizens and companies to manage electronic transactions and signatures, contained two major security vulnerabilities that could have allowed threat actors to impersonate EU citizens or firms in transactions. The flaws, which were 

Threat actors have begun exploiting a recently fixed remote code execution (RCE) vulnerability in PHP 7 in order to compromise vulnerable servers, researchers with Bad Packets are warning. The flaw, tracked as CVE-2019-11043, is very easy to exploit using proof-of-concept exploit code that was recently published on GitHub. In order

A researcher with Apple has found a security flaw in one of the most important Linux commands, namely the sudo command that is designed to let users execute commands “as root,” i.e. with system privileges. The vulnerability can allow users to run certain commands as root even if they are

Microsoft and the US National Institute of Standards and Technology (NIST) have joined forces in order to create a new guide to help enterprises streamline to challenging patch management process. The initiative follows close cooperation from Microsoft with other US partners, including the Center for Internet Security, the Department of

Security researchers with Morphisec are warning the BitPaymer ransomware actors have been exploiting a security flaw in the Bonjour updater for the Windows version of Apple iTunes in order to avoid detection by anti-malware solutions on targeted systems. Bonjour contains an “unquoted path vulnerability,” that can enable threat actors to

For the last seven years, iTerm2, the most used terminal emulator for macOS, contained a critical flaw that could have enabled threat actors to run arbitrary code on vulnerable systems in various ways. This is especially worrisome considering the fact that the application’s user base consists in large part of

As part of this month’s patch Tuesday bulletin, Microsoft has released fixes for 59 security flaws, including 9 critical vulnerabilities. So far the tech giant hasn’t found evidence that any of the patched issues are being exploited in the wild. However, Microsoft warns that one remote code execution (RCE) flaw

Google has released patches for 28 security vulnerabilities, 11 of which where critical flaws, affecting the Android operating system. Three of the critical bugs are remote code execution (RCE) flaws that could be exploited by attackers to run arbitrary code on vulnerable devices. The RCE vulnerabilities, tracked as CVE-2019-2184, CVE-2019-2185

The US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) that falls under the US Department of Homeland Security (DHS) and the UK National Cyber Security Centre (NCSC) are all warning that Windows, macOS And Linux Users relying on certain Virtual Private Network (VPN) applications are at