Displaying items by tag: Exploit

In sobering news to CISOs everywhere, cybersecurity company Rapid7 has found the majority of mass compromise events come from zero-day exploits, and increasingly these are hitting devices at the edge. Additionally, other research finds a staggering number of preventable compromises are still occurring where MFA could, and should have been in place but was not.

GUEST OPINION by Tim O’Neill, BitTitan Cybersecurity threats continue to evolve, with bad actors engaged in a perpetual mission to exploit network vulnerabilities. When we think we are doing enough, there’s always more to be done.

Microsoft has been urged to reconsider its position on removing exploits from GitHub, the code repository which it acquired in 2018, after an incident in which it removed an exploit for Microsoft Exchange Server from the site.

A researcher has released exploit code for taking advantage of a vulnerability in Microsoft's implementation of the server message block protocol in Windows, a flaw that was described as SMBGhost at the time it became known.

After Google's very scary sounding Project Zero security report suggesting groups making a "sustained effort to hack the users of iPhones in certain communities over a period of at least two years", Apple has struck back.

Cloud endpoint protection provider CrowdStrike has released research revealing a threat spends an average of 86 days in a corporate network before it is detected, despite needing under two hours to move laterally to other systems on the network.

Credit-reporting company Equifax Inc's massive data breach compromised the personal information of up to 143 million Americans and continues to dominate the news as even San Francisco city joins in the rage.

Open-source web platform Meteor has disclosed a recently discovered vulnerability which can break MongoDB protections.

A serious vulnerability in most versions of Android has been revealed before any major phone vendors have released patches for their devices.

Evidence exists online that Catch of the Day could have disclosed its May 2011 vulnerability back in February 2012 but chose not to.

Online daily dealing shopping site catchoftheday.com.au has written to its customers to advise them that some of their details may have been compromised ... three years ago.

KACE is a common systems and asset management, ticketing and reporting system used within enterprises. A new security flaw has been posted, revealing a hardcoded backdoor security key which allows arbitrary files to be uploaded.

TOR is the dark side of the Internet, the so-called dark web, which provides a safe haven to privacy advocates but is also where drugs, child pornography, assassins for hire and other weird and illegal activities can allegedly be traded. The FBI has made a massive dent in the TOR network, compromising half of all TOR sites.

Some people got very excited when word spread of the discovery of a 'scary' vulnerability in Android that could be exploited to modify an application without the operating system detecting that the app's signature and content no longer match.

Apple moved relatively quickly to protect Mac users from exploits of a Java vulnerability revealed last week.

A serious Java vulnerability is being exploited in the wild.

Cyber threats come and go, but the latest research suggests that the naughty lads of the Internet have settled into something of a groove; albeit a very effective and efficient one.  They're also worried about software piracy!

There is merit in knowing (in general) where the major Internet threats will come from in the near future.  Clearly, we can't predict the exact future, but we can extrapolate the trends.

In April this year, a vulnerability was discovered in a commonly used critical infrastructure Web Access product.  Exploitable code was also made available.  The manufacturer has announced that no patch will be released.

Apple has released iOS security updates that plug a vulnerability that's been used to jailbreak devices. Before the howls of protest start, remember that such vulnerabilities can also be used for evil.