vulnerability
Qualcomm chips leak crypto data from secure execution environment
A vulnerability in Qualcomm chips could be exploited by attackers to retrieve encryption keys and sensitive information from the chipsets’ secure execution environment, …
Legacy infrastructures and unmanaged devices top security risks in the healthcare industry
The proliferation of healthcare IoT devices, along with unpartitioned networks, insufficient access controls and the reliance on legacy systems, has exposed a vulnerable …
Attackers are weaponizing more vulnerabilities than ever before
2018 had the most weaponized vulnerabilities ever (177), which represents a 139% increase compared to 2017, according to the RiskSense latest report. In addition, the rate of …
Bad security hygiene still a major risk for enterprise IT networks
Unpatched vulnerabilities, along with growing network and application complexity pose an ongoing security risk which could threaten the security of enterprise IT networks. …
Enterprise VPN apps store authentication and session cookies insecurely
CVE-2019-1573, a flaw that makes VPN applications store the authentication and/or session cookies insecurely (i.e. unencrypted) in memory and/or log files, affects a yet to be …
WPA3 design flaws affect security of new Wi-Fi standard
Researchers have discovered a number of design flaws affecting the security of the recently introduced WPA3 data transmission protocol. Collectively dubbed Dragonblood …
Mainframe security is top priority for 85% of IT pros yet few are adequately protecting their systems
While 85 percent of companies say mainframe security is a top priority, just 33 percent always or often make mainframe decisions based on security. The “Don’t Let Mainframe …
PoC exploit for Carpe Diem Apache bug released
Charles Fol, the security engineer that unearthed the Carpe Diem Apache HTTP Server bug (CVE-2019-0211), has released an exploit for it. “This is between a POC and a …
Magento sites under attack through easily exploitable SQLi flaw
A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t …
The unique business-critical threats facing converged IT-OT systems
Manufacturing networks still running outdated technology could risk their intellectual property and production processes. The Trend Micro report, Securing Smart Factories: …
Vulnerability found in Guard Provider, Xiaomi’s pre-installed security app
Check Point Research discovered a vulnerability in one of the preinstalled apps on devices manufactured by one of the world’s biggest mobile vendors, Xiaomi. The vulnerability …
Patched Apache flaw is a serious threat for web hosting providers
Organizations running Apache web servers are urged to implement the latest security update to fix a serious privilege escalation flaw (CVE-2019-0211) that can be triggered via …