July 20, 2017 New Devil’s Ivy Vulnerability Causing Rash of IoT Risks 2 min read - A new open source vulnerability called Devil's Ivy could enable attackers to hijack security camera feeds and block legitimate users from accessing data.
July 17, 2017 Everlasting Issue? EternalBlue Scanning Apps Find 50,000 Susceptible Systems 2 min read - A new scanning app found that more than 50,000 systems across the world are still vulnerable to the EternalBlue exploit, despite a patch being available.
June 22, 2017 Stack Clash Bug Could Compromise Linux and Unix Defenses 2 min read - Attackers could exploit a vulnerability known as the Stack Clash bug to gain full root privileges, according to researchers at security firm Qualys.
June 14, 2017 Attackers Leverage SambaCry Flaw to Run Cryptocurrency Miner 2 min read - Actors have exploited a patched flaw to push a cryptocurrency miner to vulnerable Linux machines. The attacks take advantage of a vulnerability in Samba.
June 8, 2017 Application Security Report Calls Out Problems in Mobile, IoT Devices and DevOps 2 min read - High-Tech Bridge released a report at InfoSecurity Europe 2017 highlighting some of the fastest growing application security threats to developers.
June 5, 2017 New Vulnerability in Enterprise Apps Puts Data at Risk 2 min read - Developers of many enterprise apps potentially expose sensitive data by failing to properly secure the connection between back-end servers and the app.
June 1, 2017 Circling Back: FreeRADIUS Fix Cuts Off Authenticaton Bypass 2 min read - The open source FreeRADIUS project recently patched a vulnerability that allowed malicious actors to bypass session authentication.
Malware May 25, 2017 Unwrapping the Mystery: Did a Big, Slimy Internet Worm Make Hundreds of Organizations WannaCry? 6 min read - IBM X-Force revealed that WannaCry spread to its targets like a computer worm. But unlike a classic worm, it carried a malicious payload of ransomware.
Software Vulnerabilities May 16, 2017 Apache Struts 2: A Zero-Day Quick Draw 4 min read - It took fraudsters less than 24 hours after the disclosure of a previously unknown Apache Struts 2 vulnerability to develop a Python script to exploit it.
May 15, 2017 Phony WordPress Domain Steals Cookies to Fool Web Admins 2 min read - Cybercriminals have been stealing cookies and using a fraudulent WordPress API to impersonate users and take control of victims' browsing sessions.