Top 5 Configuration Mistakes That Create Field Days for Hackers

Having appropriate security configurations requires your applications, servers and databases to be hardened in accordance with best practices.

Lax Telco Security Allows Mobile Phone Hijacking and Redirects

A Q&A with Kaspersky Lab researcher David Jacoby examines a gaping hole in the telco customer-service process that allows adversaries to commandeer phone calls.

Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak

Forensic analysis shows a Chinese APT using Equation Group hacking tools at least a year before Shadow Brokers dumped its cache in April 2017.

Critical Flaw in Cisco Elastic Services Controller Allows Full System Takeover

Cisco has patched a critical flaw in its virtualized function automation tool, Cisco Elastic Services Controller.

Cynet Provides Security Responders with Free IR Tool to Validate and Respond to Active Threats

Cynet Free IR empowers its users with a solution that is accessible and easy to use, bringing crucial incident response services in-house, while saving them valuable time and resources.

Cisco Releases Security Update for Elastic Services Controller

Original release date: May 07, 2019 Cisco has released a security update to address a vulnerability in Cisco Elastic Services Controller. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig

Snowballing attacks using a recently patched critical bug show no sign of abating.

WP Live Chat WordPress Plugin Re-Patches File Upload Flaw

After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued.

High-Severity PrinterLogic Flaws Enable Remote Code Execution

The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers.

High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack

Cisco patches two high-severity bugs that could be exploited by remote attackers.