Threatlist: 68% of Overwhelmed IT Managers Can’t Keep Up with Cyberattacks

Most respondents in a recent survey say they’re losing the battle despite having up-to-date protections in place.

Exploring the Top 15 Most Common Vulnerabilities with HackerOne and GitHub

Vulnerability experts Michiel Prins and Greg Ose discuss the 15 most common vulnerability types.

NCSC Releases Advisory on Ongoing DNS Hijacking Campaign

Original release date: July 12, 2019. The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory about an ongoing Domain Name System (DNS) hijacking campaign. The advisory details risks and mitigations for organizations to defend against this campaign, in which attackers use compromised credentials to modify the location to which an organization’s domain name resources resolve to redirect users, obtain sensitive information, and cause man-in-the-middle attacks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the …

Hacked Hair Straighteners Can Threaten Homes

A lack of a Bluetooth Low Energy (BLE) pairing mechanism leaves the smart IoT devices open to malicious manipulation.

Atlassian Releases Security Updates for Jira

Original release date: July 11, 2019. Atlassian has released security updates to address a vulnerability affecting Jira Server and Jira Data Center. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Atlassian Security Advisory 2019-07-10 and Canadian Centre for Cyber Security Advisory AV19-143 and apply the necessary updates or mitigations.

Apple Issues Silent Update Removing Zoom’s Hidden Server

The tech giant addressed a widely publicized Zoom bug with an automatic update mechanism usually reserved for removing malware.

Bug in Anesthesia Respirators Allows Cyber-Tampering

GE Healthcare said an attacker could modify gas composition parameters within the devices’ respirator function.

Implementing Bug Bounty Programs: The Right and Wrong Approaches

Threatpost catches up with David Baker, the chief security officer at Bugcrowd, about the future of bug bounty programs.

Zoom Pushes Emergency Patch for Webcam Hijack Flaw

After media scrutiny, the collaboration service has decided to address the zero-day after initially dismissing its severity.

Apple Disables Walkie-Talkie App Due to Eavesdropping Flaw

Apple has disabled the Walkie Talkie app from its Apple Watch products after a vulnerability was discovered enabling bad actors to eavesdrop on iPhone conversations.