Vulnerability - Security Intelligence

article

Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control

IBM X-Force found a zero-day buffer overflow vulnerability in one of the most common routers on the market that could let malicious third parties take control of the device from a remote location.

April 8, 2019 | By Grzegorz Wypych

article

Woman shopping online could be at risk of a recent Magento flaw

news

Magento Flaw Lets Cybercriminals Access E-Commerce Sites Without Authentication

Security researchers discovered a Magento flaw that could enable cybercriminals to penetrate and control features within the popular e-commerce site without authentication.

April 3, 2019 | By Shane Schick

news

Woman blogging using a content management system: Drupal vulnerability

news

Highly Critical Drupal Vulnerability Could Expose Sites to RCE Attacks, Developers Warn

By exploiting a critical Drupal vulnerability recently disclosed by developers, attackers could potentially take control of websites and servers built on the CMS.

February 26, 2019 | By Shane Schick

news

Security Professionals Reviewing CVSS Scores in Data Center

article

Calling Into Question the CVSS

X-Force Red believes vulnerabilities should be ranked based on the importance of the exposed asset and whether the vulnerability is being weaponized by criminals, not necessarily its CVSS score.

February 20, 2019 | By Abby Ross

article

Man using a digital tablet to control IoT devices at home: mirai malware

news

New Variant of Mirai Malware Exploits Weak IoT Device Passwords to Conduct Brute-Force Attacks

Security researchers discovered a new variant of Mirai malware known as Miori that is targeting internet of things (IoT) devices to integrate into a larger botnet.

January 2, 2019 | By Shane Schick

news

Illustration of menacing birds flying over a computer monitor: Hawkeye keylogger

news

Threat Actors Exploit Equation Editor to Distribute Hawkeye Keylogger

A recent Hawkeye keylogger campaign leveraged an old Microsoft Office Equation Editor vulnerability to steal user credentials, passwords and clipboard content.

November 15, 2018 | By Douglas Bonderud

news

An IT professional working in a data center: cloud security risks

article

How Can Companies Move the Needle on Enterprise Cloud Security Risks and Compliance?

Traditional vulnerability assessments don't always show the full picture of cloud security, compliance and risk. How can enterprises get ahead of the curve?

November 9, 2018 | By Vikalp Paliwal

article

A kitchen timer set to zero: zero-day vulnerability

news

New Zero-Day Vulnerability for Windows Tweeted, Immediately Exploited

A new zero-day vulnerability affecting Windows 7 through 10 was recently disclosed on Twitter. Within two days, security researchers spotted it in the wild.

September 11, 2018 | By Douglas Bonderud

news

Blue cable plugged into a router: router attack

news

Massive Router Attack Injects CoinHive Malware Using Winbox Bug

A new router attack targeting MikroTik devices exploits a Winbox bug to install CoinHive malware and create backdoors.

August 9, 2018 | By Douglas Bonderud

news

Many GPU cards on a mainboard: cryptocurrency mining

news

Threat Actors Exploit New Drupal Flaw to Deliver Cryptocurrency Mining Malware

In the process of fixing a flaw discovered in March 2018, security researchers from Drupal discovered another vulnerability that could enable threat actors to deliver cryptocurrency mining malware.

July 23, 2018 | By Douglas Bonderud

news

Many of Baltimore’s City Services Still Offline Two Weeks After Ransomware Attack

Hundreds of Thousands of Users Targeted Daily With Would-Be WannaCry Imitators

Phishing Campaign Delivers Multi-Feature, Open-Source Babylon RAT

More Than 100 US Businesses Affected by Ryuk Ransomware Since August 2018, Finds FBI

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

High Stakes, Rising Risks: The Ripple Effects of Cybersecurity in the Healthcare Sector

Industrial Control Systems Security: To Test or Not to Test?

Challenges and Opportunities to Close the Cybersecurity Gap in the Financial Services Industry

GozNym Closure Comes in the Shape of a Europol and DOJ Arrest Operation

The Decline of Hacktivism: Attacks Drop 95 Percent Since 2015

Published Exploits for Accessing SAP Systems Put Security Teams on Alert

Penetration Testing Versus Red Teaming: Clearing the Confusion

Podcast: Lessons from a Gray Beard: Transitioning From the Military to Cybersecurity

Podcast: Foundations for a Winning Operational Technology (OT) Security Strategy

Podcast: ‘You Can Never Have Too Much Encryption’

Podcast: Automating Cyber Resilience Best Practices With Dr. Larry Ponemon

Webinar: Guardium Tech Talk: An Integrated Approach to Data Risk Management

Webinar: The Debrief: Using Tools and Methods From the Intelligence Community to Stop Threats to Your Organization

Webinar: Operational Technology Security in the Age of Digital Transformation

Webinar: Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on the Cyber Resilient Organization

Tag: Vulnerability

Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control

Magento Flaw Lets Cybercriminals Access E-Commerce Sites Without Authentication

Highly Critical Drupal Vulnerability Could Expose Sites to RCE Attacks, Developers Warn

Calling Into Question the CVSS

New Variant of Mirai Malware Exploits Weak IoT Device Passwords to Conduct Brute-Force Attacks

Threat Actors Exploit Equation Editor to Distribute Hawkeye Keylogger

How Can Companies Move the Needle on Enterprise Cloud Security Risks and Compliance?

New Zero-Day Vulnerability for Windows Tweeted, Immediately Exploited

Massive Router Attack Injects CoinHive Malware Using Winbox Bug

Threat Actors Exploit New Drupal Flaw to Deliver Cryptocurrency Mining Malware