05 Jun 2019

Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708)

In the wake of Microsoft’s second alert regarding the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems, the National Security Agency (NSA) has now issued a similar warning. The agency is urging users to patch the flaw as soon as

Read More
05 Jun 2019

Only 5.5% of all vulnerabilities are ever exploited in the wild

Only a rather small number of discovered security vulnerabilities are actually exploited by threat actors, new research shows. Of the 76,000 flaws that were found between 2009 and 2018, only 4,183 (5.5%) were exploited in real world cyber attacks. Interestingly, the researchers found no connection between the publication of proof-of-concept

Read More
04 Jun 2019

Apple macOS security protections can easily bypassed with ‘synthetic’ clicks, researcher finds

MacOS is vulnerable is to an attack that can allow hackers to bypass built-in security features aimed at preventing apps from obtaining unauthorized access to user data, the webcam or the microphone. The security mechanism is designed to force apps to request explicit approval for such access. The user can

Read More
04 Jun 2019

How organizations are managing vulnerability risks

New research by Tripwire shows that 27% of companies around the globe have experienced a security breach caused by their failure to patch vulnerabilities affecting their systems. The survey also found that many organizations have a hard time keeping track of all the devices and applications on their networks. While

Read More
03 Jun 2019

Microsoft issues second warning about patching BlueKeep as PoC code goes public

For the second time in a very short period, Microsoft has issued a warning urging organizations to install a security patch for the highly critical BlueKeep security flaw that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. The vulnerability, tracked as CVE-2019-0708, could be used by threat

Read More
30 May 2019

How WannaCry is still launching 3,500 successful attacks per hour

More than two years after the WannaCry ransomware worm encrypted files on hundreds of thousands of computers across the globe, the malware developed by the North Korean state-backed Lazarus Group still resides on around 145,000 devices, a new report by Armis shows. Over the past 6 months, the malware has

Read More
28 May 2019

Siemens Medical Products Affected by Wormable Windows Flaw

A Siemens investigation found that the recently discovered critical Windows security flaw known as BlueKeep impacts various medical devices produced by Siemens Healthineers, a Siemens division. The vulnerability, tracked as CVE-2019-0708, impacts RDP implementations on Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 and other older Windows operating

Read More
27 May 2019

Intense scanning activity detected for BlueKeep RDP flaw

Threat actors are actively scanning the web looking for Remote Desktop Protocol (RDP) services that are affected by the highly critical BlueKeep security flaw. The vulnerability, tracked as CVE-2019-0708, impacts RDP implementations on Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 and other older Windows operating systems. While

Read More
27 May 2019

In Baltimore and Beyond, a Stolen NSA Tool Wreaks Havoc

The ransomware attack on the City of Baltimore that has rendered the city’s email system and various other systems unavailable since May 7 involved the use of EternalBlue, a hacking tool developed by the National Security Agency (NSA) that was leaked about two years ago by the Shadow Brokers, a

Read More
24 May 2019

Researcher publishes Windows zero-days for the third day in a row

On Thursday, Windows exploit developer “SandboxEscaper” once again released new zero-day exploits on her GitHub account. SandboxEscaper already released a zero-day on Tuesday and then two more exploits Wednesday, although it turns out one of the latter had already been patched by Microsoft. One of the new flaws is a

Read More