Want to Avoid an Extreme Cyberloss? Focus on the Basics
New analysis of attacks and breaches -- to the tune of more than $20 million in damages and losses of at least 20 million records -- underscores the importance...
Microsoft Patches Windows Kernel Flaw Under Active Attack
This month's Patch Tuesday addressed a Windows zero-day in a release of 112 vulnerabilities, 17 of which are critical.Microsoft today patched a zero-day vulnerability in the Windows kernel that...
Claroty Details Vulnerabilities in Schneider PLCs
The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.Researchers at Claroty have released new details on authentication and encryption...
7 Online Shopping Tips for the Holidays
Enterprise VulnerabilitiesFrom DHS/US-CERT's National Vulnerability Database
CVE-2020-26168PUBLISHED: 2020-11-09
The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the...
Preventing and Mitigating DDoS Attacks: It’s Elementary
Following a spate of cyberattacks nationwide, school IT teams need to act now to ensure their security solution makes the grade.The 2020–2021 academic year started not with a bang...
New Gitpaste-12 Botnet Exploits 12 Known Vulnerabilities
Researchers discover a new worm and botnet dubbed Gitpaste-12 for its ability to spread via GitHub and Pastebin.Security researchers have discovered a new worm and botnet dubbed Gitpaste-12, named...
Cado Security Gets $1.5 Million Seed
Enterprise VulnerabilitiesFrom DHS/US-CERT's National Vulnerability Database
CVE-2010-5112PUBLISHED: 2020-11-05** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2010-5113PUBLISHED: 2020-11-05** REJECT...
US Seizes 27 More IRGC-Controlled Domain Names
The action follows last month's seizure of 92 domain names used by Iran's Islamic Revolutionary Guard Corps to spread disinformation.The US Department of Justice (DoJ) today reported the seizure...
Hexagon Announces Deal to Acquire PAS Global
Enterprise VulnerabilitiesFrom DHS/US-CERT's National Vulnerability Database
CVE-2020-26207PUBLISHED: 2020-11-04DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file.
The patch...
Disinformation Now the Top Concern Following Hack-Free Election Day
After an Election Day without foreign interference and cyberattacks, security experts turn their focus to disinformation.Election Day was a relatively quiet one for cybersecurity news, but officials remain on...