Have you patched these top 10 routinely exploited vulnerabilities?
The US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to patch a slew of old and new software vulnerabilities that are routinely exploited by …
Recorded Future
OpenDXL Ontology: An open source language for connecting cybersecurity tools
The Open Cybersecurity Alliance (OCA) today announced the availability of OpenDXL Ontology, the first open source language for connecting cybersecurity tools through a common …
Which vulnerabilities were most exploited by cybercriminals in 2019?
Which ten software vulnerabilities should you patch as soon as possible (if you haven’t already)? Table of top exploited CVEs between 2016 and 2019 (repeats are noted by …
Recorded Future and ServiceNow offer faster incident response and third-party risk analysis
Recorded Future, the leading provider of security intelligence, announced a new relationship with ServiceNow to expedite security professionals’ decision-making …
Malware peddlers hit Office users with old but reliable exploit
Emails delivering RTF files equipped with an exploit that requires no user interaction (except for opening the booby-trapped file) are hitting European users’ inboxes, …
Insight Partners acquires Recorded Future for $780 million
Insight Partners has agreed to acquire a controlling interest in Recorded Future. The all-cash transaction values Recorded Future at more than $780 million and will accelerate …
PoC exploit for critical Apache Struts flaw found online
The Apache Software Foundation revealed last week the existence of a critical Apache Struts flaw (CVE-2018-11776) similar to the one exploited in the Equifax breach and urged …
Dragos to integrate ICS-specific threat intelligence with cyber intelligence partners
Dragos announced that its industrial control system (ICS) threat intelligence product, WorldView, will integrate with partner companies, ThreatConnect, Recorded Future, …
Counterfeit digital certificates for sale on underground forums
Signing malicious code with valid digital certificates is a helpful trick used by attackers to maximize the odds that malware won’t be flagged by antivirus solutions and …
Telegram-based Katyusha SQL injection scanner sold on hacker forums
Despite regularly achieving one of the top spots on the OWASP Top 10 list of the most critical web application security risks, injection vulnerabilities continue to plague …
For timely vulnerability information, unofficial sources are a better bet
From over 12,500 disclosed Common Vulnerabilities and Exposures (CVEs), more than 75% were publicly reported online before they were published to the NIST’s centralized …
Malware Hunter: Find C&C servers for botnets
Recorded Future and Shodan released Malware Hunter, a specialized crawler for security researchers that explores the Internet to find computers acting as remote access trojan …
