July 17, 2019 UK Government Urges Organizations to Defend Against DNS Hijacking 2 min read - The U.K. National Cyber Security Centre (NCSC) published an alert urging organizations to implement measures to mitigate against DNS hijacking.
July 15, 2019 Weekly Security News Roundup: Zero-Day Vulnerability Exploited in Buhtrap Attack Campaign 3 min read - Last week, security researchers identified a zero-day vulnerability that was instrumental in a targeted attack against companies in Eastern Europe.
July 3, 2019 Godlua Backdoor Capable of Performing DDoS Attacks 2 min read - Both versions of the Godlua backdoor, discovered in late April, are capable of performing distributed denial-of-service (DDoS) attacks, according to a new report.
July 1, 2019 Attack Campaign Leverages B2B Site to Distribute New Spelevo Exploit Kit 2 min read - A recent attack campaign leveraged a business-to-business (B2B) website to distribute a new exploit kit named Spelevo.
Application Security June 25, 2019 What Is Threat Modeling and How Does It Impact Application Security? 3 min read - Beyond the obvious benefit of proactively identifying application security incidents, threat modeling gives security leaders opportunities to educate developers and foster a DevSecOps culture.
Endpoint June 25, 2019 Is Your Endpoint Protection Strategy Ready for 5G? 5 min read - If you accept that 5G technology comes with three inherent challenges — manageability, the supply chain and usage — then the endpoint protection challenge makes a whole lot more sense.
Software Vulnerabilities June 18, 2019 Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control 5 min read - IBM X-Force discovered a zero-day remote code execution vulnerability in TP-Link Wi-Fi extenders that could enable an attacker to command a device.
June 17, 2019 XENOTIME Threat Group Now Targeting Electric Utility Organizations 2 min read - In addition to oil and gas companies, the XENOTIME threat group has begun targeting electric utility organizations located in the U.S. and elsewhere.
Endpoint June 14, 2019 How to Patch BlueKeep and Get to Know Your Company’s Critical Assets 5 min read - In theory, dealing with BlueKeep should be no different from dealing with other vulnerabilities. Unfortunately, many organizations are lagging in their patch management efforts.
Application Security June 12, 2019 8 Best Practices for Application Container Security 10 min read - Application containers can reduce costs and streamline software development, but they also increase the attack surface, necessitating strict adherence to container security best practices.