Keeping up with BlueKeep; or how many internet-facing systems, and in which countries and industries, remain ripe for exploitation? As of early July, more than 805,000 internet-facing systems remained susceptible to the BlueKeep security vulnerability, the news of which spooked the internet two months ago and prompted a flurry of alerts urging users and organizations … More BlueKeep patching isn’t progressing fast enough
A researcher found that it was possible to subvert the platform’s password recovery mechanism and take control of user accounts. An independent researcher has found a security loophole in Instagram’s mobile password recovery flow that could have allowed attackers to break into user accounts. The flaw, discovered and reported by India-based researcher Laxman Muthiyah, has since … More How your Instagram account could have been hijacked
ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows. In June 2019, ESET researchers identified a zero-day exploit being used in a highly targeted attack in Eastern Europe. The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component. Once … More Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks
The alert comes on the heels of Microsoft’s second advisory calling on people to take action before it’s too late. The United States’ National Security Agency (NSA) has issued a rare alert urging Windows users and administrators to waste no time in patching the critical ‘BlueKeep’ security flaw in older Windows systems. “This is the … More NSA joins chorus urging Windows users to patch ‘BlueKeep’
Millions of files that are sitting out in the open across various file storage technologies are actually encrypted by ransomware. More than 2.3 billion files have been found inadvertently exposed online over the past year, reads a report from threat intelligence outfit Digital Shadows. The firm’s new ‘Too Much Information: The Sequel’ report follows up … More Over 2.3 billion files exposed online
Attack attempts involving the USA’s National Security Agency’s exploit are in hundreds of thousands daily. It has been two years since EternalBlue opened the door to one of the nastiest ransomware outbreaks in history, known as WannaCryptor (or WannaCry). Since the now-infamous malware incident, attempts to use the exploit have only been growing in prevalence. Currently … More NSA’s EternalBlue exploit reaching new heights since WannaCryptor outbreak
A reflection on whether this approach to addressing IoT security challenges can ‘deliver the goods’ and how consumer awareness can help. According to an article by the BBC, the United Kingdom’s Digital Minister Margot James is proposing legislation to introduce a new labelling system to show customers how secure an IoT product is. In order to … More The UK plans to legislate to secure IoT, but is it really the answer?