BlueKeep patching isn’t progressing fast enough

Keeping up with BlueKeep; or how many internet-facing systems, and in which countries and industries, remain ripe for exploitation? As of early July, more than 805,000 internet-facing systems remained susceptible to the BlueKeep security vulnerability, the news of which spooked the internet two months ago and prompted a flurry of alerts urging users and organizations … More BlueKeep patching isn’t progressing fast enough

Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks

ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows. In June 2019, ESET researchers identified a zero-day exploit being used in a highly targeted attack in Eastern Europe. The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component. Once … More Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks

NSA joins chorus urging Windows users to patch ‘BlueKeep’

The alert comes on the heels of Microsoft’s second advisory calling on people to take action before it’s too late. The United States’ National Security Agency (NSA) has issued a rare alert urging Windows users and administrators to waste no time in patching the critical ‘BlueKeep’ security flaw in older Windows systems. “This is the … More NSA joins chorus urging Windows users to patch ‘BlueKeep’

Over 2.3 billion files exposed online

Millions of files that are sitting out in the open across various file storage technologies are actually encrypted by ransomware. More than 2.3 billion files have been found inadvertently exposed online over the past year, reads a report from threat intelligence outfit Digital Shadows. The firm’s new ‘Too Much Information: The Sequel’ report follows up … More Over 2.3 billion files exposed online

NSA’s EternalBlue exploit reaching new heights since WannaCryptor outbreak

Attack attempts involving the USA’s National Security Agency’s exploit are in hundreds of thousands daily. It has been two years since EternalBlue opened the door to one of the nastiest ransomware outbreaks in history, known as WannaCryptor (or WannaCry). Since the now-infamous malware incident, attempts to use the exploit have only been growing in prevalence. Currently … More NSA’s EternalBlue exploit reaching new heights since WannaCryptor outbreak

The UK plans to legislate to secure IoT, but is it really the answer?

A reflection on whether this approach to addressing IoT security challenges can ‘deliver the goods’ and how consumer awareness can help. According to an article by the BBC, the United Kingdom’s Digital Minister Margot James is proposing legislation to introduce a new labelling system to show customers how secure an IoT product is. In order to … More The UK plans to legislate to secure IoT, but is it really the answer?