Hackers exploit unpatched vulnerabilities, zero day to attack governments and contractors Data Breach by Derek B. Johnson - April 20, 20210 Boeing KC-46A Pegasus aerial refueling jet built for the U.S. Air Force at Boeing’s airplane production facility on February 22, 2021 in Everett, Washington. While specific companies were not named, defense contractors were among those targeted as part of a campaign by at least two hacking groups that leveraged vulnerabilities
Ransomware may be targeting Microsoft’s Hafnium Exchange Server vulnerabilities Data Breach by Joe Uchill - March 12, 20210 Microsoft flagship store in London. The company confirmed a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. (Microsoft) Microsoft confirmed “a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers,” via its Security Intelligence Twitter account. The
For the second time in less than a year, F5 announces critical vulnerabilities in networking devices Data Breach by Derek B. Johnson - March 10, 20210 F5 announced March 10 seven vulnerabilities tied to it’s BIG-IP and BIG-IQ network devices, the company’s second significant security disclosure in less than year. The latest disclosure includes remote command execution vulnerabilities in the iControl REST interface and Traffic Management User Interface and two buffer overflow vulnerabilities. Six of the
10 groups now targeting Hafnium Microsoft Exchange vulnerabilities Data Breach by Joe Uchill - March 10, 20210 The Visitor’s Center at Microsoft Headquarters campus in Redmond, Washington. Ten different threat groups or otherwise unique clusters of breaches have used a chain of vulnerabilities Microsoft patched in Exchange Server. (Stephen Brashear/Getty Images) Security company ESET is now tracking 10 different threat groups or otherwise unique clusters of breaches that
Researcher finds 5 privilege escalation vulnerabilities in Linux kernel Data Breach by Derek B. Johnson - March 4, 20210 Oracle Co-Founder Larry Ellison delivers a keynote address at the Oracle OpenWorld conference in 2006. A researcher found five similar vulnerabilities in the kernel of Linux operating systems that can allow an attacker to escalate local privileges on a victim’s network. (Justin Sullivan/Getty Images) A researcher at Positive Technologies found five
Vulnerabilities hit record high in 2020, topping 18,000 Data Breach by Steve Zurier - February 16, 20210 Security teams were under siege last year, according to research analyzing 2020 NIST data on common vulnerabilities and exposures (CVEs) that found more security flaws – 18,103 – were disclosed in 2020 than in any other year to date. To understand the significance, there were far more “critical” and “high severity”
Researchers identify 223 vulnerabilities used in recent ransomware attacks Data Breach by Derek B. Johnson - February 11, 20210 Ransomware is getting worse. Cybersecurity analysts have been screaming this sentiment from the rooftops for years, but now new research examining the expanding landscape of software vulnerabilities leveraged in ransomware attacks offers up some hard numbers that put the depth of this problem into context. Researchers from RiskSense have identified as
Industrial control system vulnerabilities up 25 percent in 2020 Data Breach by Steve Zurier - February 5, 20210 The number of industrial control system (ICS) vulnerabilities disclosed in 2020 increased nearly 25 percent compared to 2019, due largely to the heightened awareness of the risks posed by ICS vulnerabilities and increased focus from researchers and vendors on identifying and remediating the code flaws. A new research report released Thursday
Bot ‘FreakOut’ leverages three critical vulnerabilities to attack Linux systems Data Breach by Steve Zurier - January 21, 20210 Oracle Co-Founder Larry Ellison delivers a keynote address at the Oracle OpenWorld conference in 2006. Researchers discovered a new Internet Relay Chat (IRC) bot Tuesday that exploited three vulnerabilities to launch distributed denial of service attacks, cryptomining and other security lapses on Linux systems. (Justin Sullivan/Getty Images) Researchers discovered a new
Vulnerabilities found in Dell Wyse thin clients could enable access to arbitrary files Data Breach by Steve Zurier - December 23, 20200 Researchers reported Monday that they found two vulnerabilities in Dell Wyse thin client devices. (Jjpwiki/CC BY-SA 4.0) Researchers reported Monday that they found two vulnerabilities in Dell Wyse thin client devices that were given scores of 10 under the Common Vulnerability Scoring System – the highest severity rating. Health care cybersecurity provider