I Still WannaCry One Year Later

In May 2017 the biggest ransomware attack in history broke out. Known as “WannaCry,” the now infamous ransomware spread like wildfire, affecting PCs around the world. One year on, the same malware – which exploits the EternalBlue vulnerability – is still prevalent. Avast has detected and blocked more than 176 million WannaCry attacks in 217 […]

New BIND Vulnerabilities Threaten DNS Availability

One of the most common pieces of software for implementing a Domain Name System (DNS) server — BIND — has just become the subject of security advisories from the Internet Systems Consortium and a related notice from DHS. The advisories cite two new vulnerabilities in BIND. Both describe a scenario in which one of the […]

Spectre chip security vulnerability strikes again; patches incoming

After the first-wave of Spectre and Meltdown attacks were conquered, people relaxed. That was a mistake. Since the CPU vulnerabilities Spectre and Meltdown showed an entirely new way to attack systems, security experts knew it was only a matter of time until new assault methods would be found. They’ve been found. Jann Horn, a Google Project Zero security researcher, discovered […]

Phone tracking service LocationSmart exposed API, allowing anyone to track you

An unsecured product demo on the web site of phone geolocation firm LocationSmart allowed any user to look up the location of any arbitrary mobile phone number without needing to supply a password or any other credentials, according a report by veteran security reporter Brian Krebs. Under intended operation, the LocationSmart product demo requires prospective customers to […]

Ex-Intel security expert: This new Spectre attack can even reveal firmware secrets

Yuriy Bulygin, the former head of Intel’s advanced threat team, has published research showing that the Spectre CPU flaws can be used to break into the highly privileged CPU mode on Intel x86 systems known as System Management Mode (SMM). Spectre and Meltdown vulnerabilities enable software attacks using CPU design flaws common to Intel, AMD, and Arm […]

Hardcoded admin passwords in Cisco DNA Center could put your enterprise network at risk

Cisco released a list of 16 security advisories on May 16, including three critical flaws in the Cisco Digital Network Architecture (DNA) Center that rated a 10/10 on the CVSS (Common Vulnerability Scoring System) scale. The three critical flaws all give attackers elevated privileges that can compromise the entirety of the DNA Center but go about it in very different ways. […]

Open-source vulnerabilities plague enterprise codebase systems

A new report into the state of enterprise security suggests that the majority of codebases in use contain known vulnerabilities due to the use of open-source components. Synopsys has released the Black Duck by Synopsys 2018 Open Source Security and Risk Analysis (OSSRA) report, which found that open-source adoption is on the rise in the enterprise — but […]

Enterprise vulnerability management as effective as ‘random chance’

The enterprise is not up to speed when it comes to cybersecurity remediation strategies, it seems. According to a new report by Kenna Security and the Cyentia Institute, a lack of planning and structure in patch management, vulnerability fixes, and cybersecurity risk management has led to cybersecurity strategies which are based on chance and luck, rather […]

The pace of vulnerability disclosure shows no signs of slowing

Unless the pace of vulnerability disclosure slows down in the coming quarters, we are looking at yet another record-breaking year, according to Risk Based Security’s 2018 Q1 Vulnerability QuickView Report. 5,375 unique vulnerabilities were reported. This is just a 1.8% increase over the same period in 2017. Note that this number will continue to rise […]

Researchers warn PGP and S/MIME users of serious vulnerabilities

A professor at Münster University issued a warning on Sunday about serious vulnerabilities in PGP and S/MIME – two widely-used methods for encrypting email – which if exploited could reveal plain text communications. The issue also impacts emails from the past. “There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or […]