Category: alerts

Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti. Read more

The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable site, deleting nearly all database content and uploaded media. Read more

Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure. Read more

A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood. Read more

Original release date: October 27, 2021 The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks using Ranzy Locker, a ransomware variant first identified targeting victims in the United States in late 2020. CISA encourages users and administrators to review the IOCs and technical details in… Read more

Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks. Read more

Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there’s no guarantee that Azure or AWS are delivering services in a hardened and secure manner. Read more

New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here. Read more

No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality. Read more

A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware. Read more