July 29, 2019 Weekly Security News Roundup: US Company Selling Fully Working BlueKeep Exploit 3 min read - Last week in security news, a U.S. company announced that its penetration tool had incorporated a fully working exploit for the BlueKeep vulnerability.
July 24, 2019 Attack Campaign Targets Exposed Elasticsearch Servers With DDoS Botnet 2 min read - Researchers spotted an attack campaign that is seeking out publicly exposed Elasticsearch databases and servers to deliver a DDoS botnet.
July 22, 2019 Weekly Security News Roundup: Vulnerability Exposed Instagram Attacks to Hijacking 3 min read - Last week in security news, a researcher uncovered a critical vulnerability that allowed attackers to hijack any Instagram account within 10 minutes.
July 17, 2019 UK Government Urges Organizations to Defend Against DNS Hijacking 2 min read - The U.K. National Cyber Security Centre (NCSC) published an alert urging organizations to implement measures to mitigate against DNS hijacking.
July 15, 2019 Weekly Security News Roundup: Zero-Day Vulnerability Exploited in Buhtrap Attack Campaign 3 min read - Last week, security researchers identified a zero-day vulnerability that was instrumental in a targeted attack against companies in Eastern Europe.
July 3, 2019 Godlua Backdoor Capable of Performing DDoS Attacks 2 min read - Both versions of the Godlua backdoor, discovered in late April, are capable of performing distributed denial-of-service (DDoS) attacks, according to a new report.
July 1, 2019 Attack Campaign Leverages B2B Site to Distribute New Spelevo Exploit Kit 2 min read - A recent attack campaign leveraged a business-to-business (B2B) website to distribute a new exploit kit named Spelevo.
Application Security June 25, 2019 What Is Threat Modeling and How Does It Impact Application Security? 3 min read - Beyond the obvious benefit of proactively identifying application security incidents, threat modeling gives security leaders opportunities to educate developers and foster a DevSecOps culture.
Endpoint June 25, 2019 Is Your Endpoint Protection Strategy Ready for 5G? 5 min read - If you accept that 5G technology comes with three inherent challenges — manageability, the supply chain and usage — then the endpoint protection challenge makes a whole lot more sense.
Software Vulnerabilities June 18, 2019 Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control 5 min read - IBM X-Force discovered a zero-day remote code execution vulnerability in TP-Link Wi-Fi extenders that could enable an attacker to command a device.