30 May 2019

How WannaCry is still launching 3,500 successful attacks per hour

More than two years after the WannaCry ransomware worm encrypted files on hundreds of thousands of computers across the globe, the malware developed by the North Korean state-backed Lazarus Group still resides on around 145,000 devices, a new report by Armis shows. Over the past 6 months, the malware has

29 May 2019

One Million Devices Open to Wormable Microsoft BlueKeep Flaw

A recent analysis by Errata Security found that nearly one million devices remain vulnerable to the highly critical BlueKeep security flaw that could be used by threat actors to carry out a massive attack involving a worm, i.e. self-replicating malicious code. The vulnerability, tracked as CVE-2019-0708, impacts Remote Desktop Protocol

20 May 2019

Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter

The first quarter of this year broke the record for reported security vulnerabilities, a new report by Risk Based Security shows. A total of 5,501 new flaws were disclosed during this period, most of which were web-based (56.8%). Two additional findings from the report are especially worrisome. The first is

20 May 2019

Top Cybersecurity Challenges in the Healthcare Industry

New research by Infoblox sheds light on the state of cybersecurity in the healthcare sector. According to the report, a whopping 92% of healthcare organizations believe they can adequately respond to cyber threats. A majority (56%) of companies in the sector use automated solutions for detecting malicious activity on their

02 May 2019

New Cybersecurity Report Warns CIOs — ‘If You’re Breached Or Hacked, It’s Your Own Fault’

A new 1E and Vanson Bourne survey conducted among IT and cybersecurity executives in the US and the UK highlights the continued failure of many companies to combat cyber threats, despite increasing security awareness and investments. The report shows that six out of ten organizations experienced a breach in the

01 May 2019

DHS Orders Agencies to Patch Critical Flaws Within 15 Days

US government agencies need to patch critical security flaws within 15 days and high-severity vulnerabilities within 30 days under BOD 19-02, a new Binding Operational Directive issued by the Department of Homeland Security (DHS). The period for fixing critical issues was cut in half, because the previous directive (BOD 15-01)

16 Apr 2019

Bad security hygiene still a major risk for enterprise IT networks

A new report [pdf] by Ixia analyses the 2018 cyber threat landscape. According to the report, the 5 main security issues last year were: Most product vulnerabilities were the result of software design flaws, including well-documented and easily avoidable issues like SQL injection and cross-site scripting vulnerabilities. The human factor is

10 Apr 2019

It’s raining patches, Hallelujah! Microsoft and Adobe put out their latest major fixes

As part of this month’s patch Tuesday, Microsoft and Adobe have issued a total of 117 fixes for security flaws. Microsoft released patches for 74 vulnerabilities, 15 of which are critical flaws. Two of the Windows vulnerabilities are zero-days that have been actively exploited in the wild. The flaws, classified

08 Apr 2019

CIOs and CISOs hold off on crucial updates due to potential impact on business operations

A new Tanium survey reveals that organizations may not adopt critical updates if these could interfere with business operations. According to the research, the vast majority (81%) of Chief Information Officers (CIOs) and chief information security officers (CISOs) have declined to install a security patch or other type of critical

13 Mar 2019

25% of software vulnerabilities remain unpatched for more than a year

While it may seem logical that larger organizations are better at handling patch management than small firms with limited resources, new research by Kenna Security and the Cyentia Institute shows that the opposite is true. The report also highlights the poor state of patch management in general. On average, organizations
