Our news
-
Malware Makers Using ‘Exotic’ Programming Languages
Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection.
-
Vulnerability Summary for the Week of July 19, 2021
Original release date: July 26, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info dlink — dir-3040_firmware A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence…
-
Ransomware in the Age of Globalization
Have you ever felt the fear of having your personal information shared in the increasingly volatile virtual space? What would you do to prevent some of this information from leaking? If you are like most people, then chances are you would be willing to pay anything you can afford to avoid embarrassment and exposure that…
-
Critical Jira Flaw in Atlassian Could Lead to RCE
The software-engineering platform is urging users to patch the critical flaw ASAP.
-
Industrial Networks Exposed Through Cloud-Based Operational Tech
Critical ICS vulnerabilities can be exploited through leading cloud-management platforms.
-
Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug
A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems.
-
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.
-
Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say
Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change.
-
2021 CWE Top 25 Most Dangerous Software Weaknesses
Original release date: July 21, 2021 The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent…
-
Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows
Misconfigured permissions for Argo’s web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers.