30 Oct 2019

Research finds 2019 increase in breaches and cybersecurity spending

Cyberattack volume rose by 17% in the past year, while the severity of attacks jumped by 30%, a new report by ServiceNow and Ponemon shows. In response to these trends, companies have increased their cybersecurity budgets by 24%. One major pain point is vulnerability management, with companies needing 12 days

30 Oct 2019

Major vulnerability patched in the EU’s eIDAS authentication system

The European Union’s electronic IDentification, Authentication and trust Services (eIDAS) system, which is used by EU member states, citizens and companies to manage electronic transactions and signatures, contained two major security vulnerabilities that could have allowed threat actors to impersonate EU citizens or firms in transactions. The flaws, which were

28 Oct 2019

Nasty PHP7 remote code execution bug exploited in the wild

Threat actors have begun exploiting a recently fixed remote code execution (RCE) vulnerability in PHP 7 in order to compromise vulnerable servers, researchers with Bad Packets are warning. The flaw, tracked as CVE-2019-11043, is very easy to exploit using proof-of-concept exploit code that was recently published on GitHub. In order

15 Oct 2019

Linux SUDO Bug Lets You Run Commands as Root, Most Installs Unaffected

A researcher with Apple has found a security flaw in one of the most important Linux commands, namely the sudo command that is designed to let users execute commands “as root,” i.e. with system privileges. The vulnerability can allow users to run certain commands as root even if they are

14 Oct 2019

Microsoft and NIST Team Up on Patching Guide

Microsoft and the US National Institute of Standards and Technology (NIST) have joined forces in order to create a new guide to help enterprises streamline the challenging patch management process. The initiative follows close cooperation from Microsoft with other US partners, including the Center for Internet Security, the Department of

11 Oct 2019

Flaw in iTunes for Windows Abused for Ransomware Attacks

Security researchers with Morphisec are warning that the BitPaymer ransomware actors have been exploiting a security flaw in the Bonjour updater for the Windows version of Apple iTunes in order to avoid detection by anti-malware solutions on targeted systems. Bonjour contains an “unquoted path vulnerability” that can enable threat actors to

10 Oct 2019

iTerm2 Patches Critical Vulnerability Active for 7 Years

For the last seven years, iTerm2, the most used terminal emulator for macOS, contained a critical flaw that could have enabled threat actors to run arbitrary code on vulnerable systems in various ways. This is especially worrisome considering the fact that the application’s user base consists in large part of

09 Oct 2019

Microsoft Issues 9 Critical Security Patches

As part of this month’s patch Tuesday bulletin, Microsoft has released fixes for 59 security flaws, including 9 critical vulnerabilities. So far the tech giant hasn’t found evidence that any of the patched issues are being exploited in the wild. However, Microsoft warns that one remote code execution (RCE) flaw

09 Oct 2019

Google October Android Security Update Fixes Critical RCE Flaws

Google has released patches for 28 security vulnerabilities, 11 of which were critical flaws, affecting the Android operating system. Three of the critical bugs are remote code execution (RCE) flaws that could be exploited by attackers to run arbitrary code on vulnerable devices. The RCE vulnerabilities, tracked as CVE-2019-2184, CVE-2019-2185

08 Oct 2019

US And UK Governments Issue Update Now Warning For Windows, macOS And Linux Users

The US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), which falls under the US Department of Homeland Security (DHS), and the UK National Cyber Security Centre (NCSC) are all warning that Windows, macOS and Linux users relying on certain Virtual Private Network (VPN) applications are at
