24 Sep 2019

Microsoft Issues Windows Security Update for 0Day Vulnerability

Microsoft has released an unscheduled security update to address two security vulnerabilities in its products. One of the flaws, tracked as CVE-2019-1367, is a zero-day remote code execution (RCE) vulnerability in Internet Explorer that is being actively exploited by threat actors. Microsoft warns that “if the current user is logged

Read More
19 Sep 2019

Small businesses underestimate financial damage of cyberattacks

70% of small to mid-sized businesses (SMBs) believe that losses from a successful cyberattack on their firm would not exceed $25,000, while over half think total damages would remain under $10,000, a new AppRiver survey shows. This implies that small business owners are grossly underestimating the amount of money they

Read More
12 Sep 2019

D-Link, Comba network gear leave passwords open for potentially whole world to see

Security researchers with Trustwave have discovered that certain DSL modems and Wi-Fi routers produced by D-Link and Comba expose user passwords to the Internet as the result of various firmware vulnerabilities. D-Link devices are affected by two firmware bugs, one of which makes it possible to view a file containing

Read More
10 Sep 2019

Cyber-security incident at US power grid entity linked to unpatched firewalls

In March of this year, a cyber incident affected firewalls at multiple power generation sites across the US. According to a recent report by the North American Electric Reliability Corporation (NERC), the attack was less serious than initially thought, and did not significantly impact electricity supply. The attackers exploited “a

Read More
09 Sep 2019

SMBs show no improvement in IT maturity levels, security remains top concern

Almost one in three (32%) small to mid-sized businesses (SMBs) were affected by a security breach in the last five years, and at least 10% experienced a breach in the past year, a new Kaseya survey indicates. The report reveals major shortcomings in terms of patch management, with just 42%

Read More
09 Sep 2019

Millions of Exim servers vulnerable to root-granting exploit

A critical vulnerability in Exim software, which is used by 57% of all email servers worldwide, can enable attackers to run malicious code on impacted servers with administrative (root) privileges, the Exim team warned last Friday. The company has released a patch to address the issue. The flaw affects servers

Read More
05 Sep 2019

Android’s September 2019 Patches Fix Nearly 50 Vulnerabilities

As part of its monthly roll out of patches for the Android platform, Google this week released fixes for 50 security flaws, including two critical flaws that could enable attackers to remotely execute malicious code on vulnerable devices. One of the critical vulnerabilities, tracked as CVE-2019-2176, affects Android 8.0, 8.1

Read More
04 Sep 2019

Over 47,000 Supermicro servers are exposing BMC ports on the internet

Security researchers with Eclypsium have discovered that more than 47,000 servers and other machines relying on Supermicro motherboards are at risk of attacks due to a number of security flaws collectively referred to as USBAnywhere. The vulnerabilities impact the baseboard management controller (BMC) firmware of Supermicro motherboards that is designed

Read More
02 Sep 2019

WordPress sites under attack as hacker group tries to create rogue admin accounts

Threat actors are adding backdoor admin accounts to compromised WordPress websites as part of an ongoing campaign targeting over 10 vulnerable plugins for the highly popular content management system, a security researcher with Defiant has discovered. The campaign was first spotted last month. At first, the attackers were injecting WordPress

Read More
30 Aug 2019

Critical Cisco VM Bug Allows Remote Takeover of Routers

Various Cisco routers are vulnerable to remote takeover by hackers due to a security flaw that has been given the maximum severity score on the CvSS scale (10 out of 10). Cisco has released a patch for the bug and warns that it could be exploited by sending a simple

Read More