Record‑breaking number of vulnerabilities reported in 2020

High-severity and critical bugs disclosed in 2020 outnumber the sum total of vulnerabilities reported 10 years prior. An analysis of data collected by the United States’ National Institute of Standards and Technology (NIST) about common vulnerabilities and exposures (CVEs) has found that 2020 saw more reports of security loopholes than any other year to date. …

Protecting the water supply – hacker edition

What can municipalities do to better protect their water supply systems? We reported recently about an attack against the water supply in Oldsmar, Florida, and worry about the potential for future and copycat attacks against other lightly defended water treatment systems in small towns worldwide and what can be done to stem such incursions. In the Florida …

Microsoft patches actively exploited Windows kernel flaw

This month’s relatively humble bundle of security updates fixes 56 vulnerabilities, including a zero-day bug and 11 flaws rated as critical. Yesterday was the second Tuesday of the month, which means that Microsoft is rolling out patches for security vulnerabilities found in Windows and its other products. This year’s second batch of security updates brings …

Hacker attempts to poison Florida city’s water supply

While the incursion was thwarted in time, cyberattacks targeting critical infrastructure are a major cause for concern. Last Friday, an unknown attacker accessed the computer systems of a water treatment facility in Oldsmar, Florida, and attempted to poison the city’s water supply by manipulating the chemical levels of sodium hydroxide. This substance, commonly referred to …

Google: Better patching could have prevented 1 in 4 zero‑days last year

Vendors should fix the root cause of a vulnerability, rather than block just one path to triggering it, says Google. Google’s Project Zero team revealed that a quarter of zero-day exploits detected in 2020 could have been prevented had the vendors issued proper patches for the underlying security flaws. In its Year in Review blog post, the …