July 3, 2019 Godlua Backdoor Capable of Performing DDoS Attacks 2 min read - Both versions of the Godlua backdoor, discovered in late April, are capable of performing distributed denial-of-service (DDoS) attacks, according to a new report.
July 1, 2019 Attack Campaign Leverages B2B Site to Distribute New Spelevo Exploit Kit 2 min read - A recent attack campaign leveraged a business-to-business (B2B) website to distribute a new exploit kit named Spelevo.
Application Security June 25, 2019 What Is Threat Modeling and How Does It Impact Application Security? 3 min read - Beyond the obvious benefit of proactively identifying application security incidents, threat modeling gives security leaders opportunities to educate developers and foster a DevSecOps culture.
Security Services June 20, 2019 Effective Cybersecurity Is Simple, But Not Easy 4 min read - IT complexity has created a "glass half empty" attitude toward information security. Even so, effective cybersecurity remains simple — just not easy.
June 19, 2019 TCP SACK Panic Flaw Could Compromise Production Linux Machines 2 min read - A kernel flaw dubbed TCP SACK Panic could allow remote attackers to compromise organizations running large fleets of production Linux computers, according to a series of security advisories.
Endpoint June 14, 2019 How to Patch BlueKeep and Get to Know Your Company’s Critical Assets 5 min read - In theory, dealing with BlueKeep should be no different from dealing with other vulnerabilities. Unfortunately, many organizations are lagging in their patch management efforts.
Application Security June 12, 2019 8 Best Practices for Application Container Security 10 min read - Application containers can reduce costs and streamline software development, but they also increase the attack surface, necessitating strict adherence to container security best practices.
June 11, 2019 Attack Campaign Exploits CVE-2019-2725, Abuses Certificate Files to Deliver Monero Miner < 1 min read - Researchers observed an attack campaign exploiting CVE-2019-2725 and abusing certificate files to deliver a Monero miner.
June 11, 2019 Windows 10 Zero-Day Lets Threat Actors Bypass Patch and Escalate Role to Admin Level 2 min read - Threat actors could use a recently discovered Windows 10 zero-day flaw to take over a computer and bypass local privilege escalation.
June 5, 2019 BlackSquid Malware Capable of Abusing 8 Exploits to Install XMRig Monero Miner 2 min read - The new BlackSquid malware is capable of abusing eight notorious exploits in its attempts to install the XMRig Monero miner.