Threats and Risks
Just 17 per cent of all internet-facing Microsoft Exchange servers are patched against CVE-2020-0688 vulnerability
More than 31,000 Exchange 2010 servers have received no update since 2012
Critical vulnerabilities in HP Support Assistant could allow arbitrary code execution
The tool which comes preinstalled on all brand-new HP notebooks and desktops could allow an attacker to escalate local privilege on vulnerable Windows systems
Two zero-day flaws in Zoom could enable threat actors to access webcam and microphone on MacOS system
Zoom is currently the most popular app on both the Play Store and App Store but privacy and security concerns are rising
How rapid advances in quantum computing are reshaping cybersecurity
We must all prepare for the end of public key encryption as we know it
North Korea-linked Geumseong121 APT group is sending spear-phishing emails to target people interested in North Korean refugees
Fifty malicious domains belonging to the group were seized by Microsoft in December
Flaws in Diameter signalling protocol make all 4G networks prone to denial-of-service attacks
The protocol is used to authenticate message and information distribution in 4G networks
Surge in attacks from China-linked APT41 targeting unpatched Citrix servers and Cisco routers
APT41 attacks carried out between January and March targeted unsecured Citrix NetScaler servers and Cisco routers
More ransomware groups threaten to publish data stolen data from non-payers
More and more ransomware groups are starting to steal data before encryption in order to blackmail their victims into paying up
Easy availability of ICS hacking tools poses major threat to industrial sector, researchers warn
Most tools are 'vendor agnostic' and can target products from some of the largest ICS original equipment manufacturers, warns FireEye
Spanish hospitals targeted with coronavirus-themed phishing lures in Netwalker ransomware attacks
Groups behind Netwalker switched phishing baits to coronavirus last week - as other ransomware groups pledged to avoid medical facilities
Microsoft: Two zero-day vulnerabilities in Windows Adobe Type Manager Library are actively being exploited
All supported versions of Windows operating system are affected
Cisco fixes five vulnerabilities affecting SD-WAN solutions
These vulnerabilities impact Cisco products using SD-WAN software earlier than Release 19.2.2
New Trickbot campaign using brute force attacks to target telecoms firms uncovered by researchers
Operators are using a new module to target Remote Desktop Protocols
Russia is spreading Covid-19 disinformation to create panic in Western countries, EU report warns
EU's External Action Service claims to have nearly 80 examples of Russia-linked disinformation since 22nd January
Some commercial password managers can be fooled into disclosing user passwords, researchers warn
Such password managers use weak criteria to find out whether an app is genuine or not
Eighty-five per cent of Microsoft Exchange Servers vulnerable to remote-code execution security flaw patched last month
Organisations warned to patch protect against CVE-2020-0688 as state-backed APTs start targeting vulnerable Exchange Servers
Old laptop containing classified German military files bought for €90 on eBay
The researchers were able to unlock military files simply by entering 'guest' for the username and password
Pakistan-linked APT36 accused of using coronavirus to propagate Trojans
Malwarebytes claims Pakistan state-sponsored group is using a fake Indian government advisory to spread remote-access Trojan
Snoop vulnerability could enable attackers to steal data from Intel CPU's cache memory
Yet another Intel CPU security flaw affects both Core series and Xeon processors
The risks of the coronavirus pandemic to IT security
Royal BAM Group CISO Ian Hill examines the many different IT security threats posed by the COVID-19 coronavirus outbreak
Mitigating new LVI Intel security vulnerability will have big impact on CPU performance
The Intel chip security flaw could enable an attacker to steal sensitive data from targeted systems - but mitigating it could slow systems to a crawl
Microsoft releases emergency patch for SMBv3 protocol vulnerability
The details of the security flaw were leaked accidentally released earlier this week
US at risk of 'catastrophic cyber attack', warns US Cyberspace Solarium Commission
The US is "dangerously insecure in cyber," warns Commission following year-long investigation
Intel's releases fixes for six 'high severity' graphics driver security flaws among 17 Patch Tuesday updates
Serious security flaws in Intels' Windows graphics drivers could compromise PCs
Most read
