SandboxEscaper Debuts ByeBear Windows Patch Bypass
Once again, Windows exploit developer SandboxEscaper has released a new zero-day exploit without disclosing the issue to Microsoft first. Last month, SandboxEscaper released five Windows exploits in a week. One of those exploits was a bypass for a patch that fixed a local privilege-escalation (LPE) flaw tracked as CVE-2019-0841. The
How organizations are managing vulnerability risks
New research by Tripwire shows that 27% of companies around the globe have experienced a security breach caused by their failure to patch vulnerabilities affecting their systems. The survey also found that many organizations have a hard time keeping track of all the devices and applications on their networks. While
Microsoft issues second warning about patching BlueKeep as PoC code goes public
For the second time in a very short period, Microsoft has issued a warning urging organizations to install a security patch for the highly critical BlueKeep security flaw that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. The vulnerability, tracked as CVE-2019-0708, could be used by threat
How WannaCry is still launching 3,500 successful attacks per hour
More than two years after the WannaCry ransomware worm encrypted files on hundreds of thousands of computers across the globe, the malware developed by the North Korean state-backed Lazarus Group still resides on around 145,000 devices, a new report by Armis shows. Over the past 6 months, the malware has
One Million Devices Open to Wormable Microsoft BlueKeep Flaw
A recent analysis by Errata Security found that nearly one million devices remain vulnerable to the highly critical BlueKeep security flaw that could be used by threat actors to carry out a massive attack involving a worm, i.e. self-replicating malicious code. The vulnerability, tracked as CVE-2019-0708, impacts Remote Desktop Protocol
Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter
The first quarter of this year broke the record for reported security vulnerabilities, a new report by Risk Based Security shows. A total of 5,501 new flaws were disclosed during this period, most of which were web-based (56.8%). Two additional findings from the report are especially worrisome. The first is
Top Cybersecurity Challenges in the Healthcare Industry
New research by Infoblox sheds light on the state of cybersecurity in the healthcare sector. According to the report, a whopping 92% of healthcare organizations believe they can adequately respond to cyber threats. A majority (56%) of companies in the sector uses automated solutions for detecting malicious activity on their
New Cybersecurity Report Warns CIOs — ‘If You’re Breached Or Hacked, It’s Your Own Fault’
A new 1E and Vanson Bourne survey conducted among IT and cybersecurity executives in the US and the UK highlights the continued failure of many companies to combat cyber threats, despite increasing security awareness and investments. The report shows that six out of ten organizations experienced a breach in the
DHS Orders Agencies to Patch Critical Flaws Within 15 Days
US government agencies need to patch critical security flaws within 15 days and high-severity vulnerabilities within 30 days under BOD 19-02, a new Binding Operational Directive issued by the Department of Homeland Security (DHS). The period for fixing critical issues was cut in half, because the previous directive (BOD 15-01)
Bad security hygiene still a major risk for enterprise IT networks
A new report[pdf] by Ixia analyses the 2018 cyber threat landscape. According to the report the 5 main security issues last year were: Most product vulnerabilities were the result of software design flaws including well-documented and easily avoidable issues like SQL injection and cross-site scripting vulnerabilities The human factor is