Here’s REALLY How to Do Zero-Trust Security
It’s not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey.
Zero-trust is without a doubt the new buzzword of...
SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offered Up Steam API Access &...
SEGA’s disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.
Gaming giant SEGA Europe recently discovered that its sensitive data was being stored in...
Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes
The first Patch Tuesday security bulletin for 2021 from Microsoft includes fixes for one bug under active attack, possibly linked to the massive SolarWinds hacks.
Microsoft addressed 10 critical...
Samsung Shattered Encryption on 100M Phones
One cryptography expert said that ‘serious flaws’ in the way Samsung phones encrypt sensitive material, as revealed by academics, are ‘embarrassingly bad.’
Samsung shipped an estimated 100 million smartphones...
Microsoft, Adobe Exploits Top List of Crooks’ Wish List
You can’t possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market.
A year-long study...
Unpatched Critical RCE Bug Allows Industrial, Utility Takeovers
The ‘ModiPwn’ bug lays open production lines, sensors, conveyor belts, elevators, HVACs and more that use Schneider Electric PLCs.
A critical remote code-execution (RCE) vulnerability in Schneider Electric programmable logic...
Nvidia Squashes High-Severity Jetson DoS Flaw
If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products.
Nvidia has patched three vulnerabilities affecting its Jetson lineup, which is a series...
WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug
The shopping cart application contains a PHP object-injection bug.
A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being...
Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February....
20K WordPress Sites Exposed by Insecure Plugin REST-API
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
More than 20,000 WordPress sites are vulnerable to malicious code injection,...