API security warrants its own specific solution
Application programming interfaces (APIs) enable developers to quickly and easily roll-out services but they’re also equally attractive to attackers. This is because they can …
vulnerability
Qbot – known channel for ransomware – delivered via phishing and Follina exploit
More than a week has passed since Microsoft acknowledged the existence of the “Follina” vulnerability (CVE-2022-30190), after reports of it being exploited in the …
Attackers are leveraging Follina. What can you do?
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a …
A closer look at the 2022 Microsoft Vulnerabilities Report
BeyondTrust’s recent 2022 Microsoft Vulnerabilities Report includes the latest annual breakdown of Microsoft vulnerabilities by category and product, as well as a …
The cyber posture of the U.S. Federal Government
Government agencies are prime targets for attack due to the sheer amount of sensitive information they possess. As today’s geopolitical landscape continues to become …
Autonomous vehicles can be tricked into erratic driving behavior
When a driverless car is in motion, one faulty decision by its collision-avoidance system can lead to disaster, but researchers at the University of California, Irvine have …
Zero-day bug exploited by attackers via macro-less Office documents (CVE-2022-30190)
A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers …
Elevation of Privilege is the #1 Microsoft vulnerability category
BeyondTrust announced the release of a report which includes the latest annual breakdown of Microsoft vulnerabilities by category and product, as well as a six-year trend …
Two business-grade Netgear VPN routers have security vulnerabilities that can’t be fixed
Netgear has admitted that multiple security vulnerabilities in its business-grade BR200 and BR500 VPN routers can’t be fixed due to technical limitations outside of …
VMware issues critical fixes, CISA orders federal agencies to act immediately (CVE-2022-22972)
VMware has released patches for a privately reported critical vulnerability (CVE-2022-22972) in VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize …
Prioritize patching vulnerabilities associated with ransomware
A threat research from Cyber Security Works (CSW) has revealed a 7.6% increase in ransomware vulnerabilities since the publication of the Ransomware Spotlight Report in …
BLE vulnerability may be exploited to unlock cars, smart locks, building doors, smartphones
A Bluetooth Low Energy (BLE) vulnerability discovered by NCC Group researchers may be used by attackers to unlock Teslas (or other cars with automotive keyless entry), …