vulnerability
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its …
Ethical hackers and the economics of security research
Bugcrowd released a report which provides CIOs and CISOs valuable insight on ethical hackers and the economics of security research. New findings indicate a startling shift in …
Lack of API visibility undermines basic principle of security
One of the oldest principles of security is that you cannot secure what you cannot see. Visibility has always been the starting place for monitoring and protecting attack …
Reality check: Your security hygiene is worse than you think it is
Sevco Security published a report which explores the gap between perceptions and realities of security hygiene and asset management. Leveraging findings from ESG’s “Security …
Zoom patches vulnerabilities in its range of conferencing apps
Zoom has patched vulnerabilities in its range of local solutions for conferences, negotiations and recordings – Zoom Meeting Connector Controller, Zoom Virtual Room …
Shrinking cyber budgets are leaving businesses at risk
The cyber budgets of enterprises rose by less than 1% during the pandemic, according to their cyber budget holders. This left cyber spend stagnating at an average of around …
Intel chip flaw could enable attacks on laptops, cars, medical devices (CVE-2021-0146)
Researchers uncovered a vulnerability in Intel Processors that could affect laptops, cars and embedded systems. The flaw (CVE-2021-0146) enables testing or debugging modes on …
10,000+ websites and apps are vulnerable to Magecart
Some of the world’s largest companies across retail, banking, healthcare, energy and many other sectors, including Fortune 500, Global 500 and governments are failing to …
Critical RCE in Palo Alto Networks (PAN) firewalls revealed, patch ASAP! (CVE-2021-3064)
The existence of a critical RCE vulnerability (CVE-2021-3064) affecting certain versions of Palo Alto Networks (PAN) firewalls using the GlobalProtect Portal VPN has been …
Vulnerabilities in Nucleus NET TCP/IP stack could lead to real-world damage
Researchers have unearthed 13 vulnerabilities affecting the Nucleus NET TCP/IP stack and have demonstrated how attackers could exploit them to cause serious real-world damage. …
Vulnerabilities associated with ransomware increased 4.5% in Q3 2021
Ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since Q2 2021, a report by Ivanti, Cyber Security Works and …
Mobile phishing exposure in the energy industry surged 161% in 2021
Mobile phishing exposure surged 161% within the energy industry between the second half of 2020 and the first half of 2021, a Lookout report reveals. The research indicates …
Featured news
Resources
Don't miss
- Popular code formatting sites are exposing credentials and other secrets
- Fake “Windows Update” screens fuels new wave of ClickFix attacks
- Microsoft cracks down on malicious meeting invites
- How an AI meltdown could reset enterprise expectations
- The breaches everyone gets hit by (and how to stop them)