Researchers disclose 56 vulnerabilities impacting thousands of OT devices
Forescout’s Vedere Labs disclosed OT:ICEFALL, 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors. This is one of the single largest …
vulnerability
Only 10% of vulnerabilities are remediated each month
A research from SecurityScorecard and The Cyentia Institute revealed only 60% of organizations have improved their security posture despite a 15-fold increase in cyber-attacks …
API security warrants its own specific solution
Application programming interfaces (APIs) enable developers to quickly and easily roll-out services but they’re also equally attractive to attackers. This is because they can …
Qbot – known channel for ransomware – delivered via phishing and Follina exploit
More than a week has passed since Microsoft acknowledged the existence of the “Follina” vulnerability (CVE-2022-30190), after reports of it being exploited in the …
Attackers are leveraging Follina. What can you do?
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a …
A closer look at the 2022 Microsoft Vulnerabilities Report
BeyondTrust’s recent 2022 Microsoft Vulnerabilities Report includes the latest annual breakdown of Microsoft vulnerabilities by category and product, as well as a …
The cyber posture of the U.S. Federal Government
Government agencies are prime targets for attack due to the sheer amount of sensitive information they possess. As today’s geopolitical landscape continues to become …
Autonomous vehicles can be tricked into erratic driving behavior
When a driverless car is in motion, one faulty decision by its collision-avoidance system can lead to disaster, but researchers at the University of California, Irvine have …
Zero-day bug exploited by attackers via macro-less Office documents (CVE-2022-30190)
A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers …
Elevation of Privilege is the #1 Microsoft vulnerability category
BeyondTrust announced the release of a report which includes the latest annual breakdown of Microsoft vulnerabilities by category and product, as well as a six-year trend …
Two business-grade Netgear VPN routers have security vulnerabilities that can’t be fixed
Netgear has admitted that multiple security vulnerabilities in its business-grade BR200 and BR500 VPN routers can’t be fixed due to technical limitations outside of …
VMware issues critical fixes, CISA orders federal agencies to act immediately (CVE-2022-22972)
VMware has released patches for a privately reported critical vulnerability (CVE-2022-22972) in VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize …