10 Jun 2019

SandboxEscaper Debuts ByeBear Windows Patch Bypass

Once again, Windows exploit developer SandboxEscaper has released a new zero-day exploit without disclosing the issue to Microsoft first. Last month, SandboxEscaper released five Windows exploits in a week. One of those exploits was a bypass for a patch that fixed a local privilege-escalation (LPE) flaw tracked as CVE-2019-0841. The

04 Jun 2019

How organizations are managing vulnerability risks

New research by Tripwire shows that 27% of companies around the globe have experienced a security breach caused by their failure to patch vulnerabilities affecting their systems. The survey also found that many organizations have a hard time keeping track of all the devices and applications on their networks. While

03 Jun 2019

Microsoft issues second warning about patching BlueKeep as PoC code goes public

For the second time in a very short period, Microsoft has issued a warning urging organizations to install a security patch for the highly critical BlueKeep security flaw that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. The vulnerability, tracked as CVE-2019-0708, could be used by threat

30 May 2019

How WannaCry is still launching 3,500 successful attacks per hour

More than two years after the WannaCry ransomware worm encrypted files on hundreds of thousands of computers across the globe, the malware developed by the North Korean state-backed Lazarus Group still resides on around 145,000 devices, a new report by Armis shows. Over the past 6 months, the malware has

29 May 2019

One Million Devices Open to Wormable Microsoft BlueKeep Flaw

A recent analysis by Errata Security found that nearly one million devices remain vulnerable to the highly critical BlueKeep security flaw that could be used by threat actors to carry out a massive attack involving a worm, i.e. self-replicating malicious code. The vulnerability, tracked as CVE-2019-0708, impacts Remote Desktop Protocol

20 May 2019

Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter

The first quarter of this year broke the record for reported security vulnerabilities, a new report by Risk Based Security shows. A total of 5,501 new flaws were disclosed during this period, most of which were web-based (56.8%). Two additional findings from the report are especially worrisome. The first is

20 May 2019

Top Cybersecurity Challenges in the Healthcare Industry

New research by Infoblox sheds light on the state of cybersecurity in the healthcare sector. According to the report, a whopping 92% of healthcare organizations believe they can adequately respond to cyber threats. A majority (56%) of companies in the sector use automated solutions for detecting malicious activity on their

02 May 2019

New Cybersecurity Report Warns CIOs — ‘If You’re Breached Or Hacked, It’s Your Own Fault’

A new 1E and Vanson Bourne survey conducted among IT and cybersecurity executives in the US and the UK highlights the continued failure of many companies to combat cyber threats, despite increasing security awareness and investments. The report shows that six out of ten organizations experienced a breach in the

01 May 2019

DHS Orders Agencies to Patch Critical Flaws Within 15 Days

US government agencies need to patch critical security flaws within 15 days and high-severity vulnerabilities within 30 days under BOD 19-02, a new Binding Operational Directive issued by the Department of Homeland Security (DHS). The period for fixing critical issues was cut in half, because the previous directive (BOD 15-01)

16 Apr 2019

Bad security hygiene still a major risk for enterprise IT networks

A new report [pdf] by Ixia analyses the 2018 cyber threat landscape. According to the report, the 5 main security issues last year were: Most product vulnerabilities were the result of software design flaws, including well-documented and easily avoidable issues like SQL injection and cross-site scripting vulnerabilities. The human factor is
