Most respondents in a recent survey say they’re losing the battle despite having up-to-date protections in place.
Vulnerability experts Michiel Prins and Greg Ose discuss the 15 most common vulnerability types.
Original release date: July 12, 2019 The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory about an ongoing Domain Name System (DNS) hijacking campaign. The advisory details risks and mitigations for organizations to defend against this campaign, in which attackers use compromised credentials to modify the location to which an organization’s domain name resources resolve to redirect users, obtain sensitive information, and cause man-in-the-middle attacks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the …
Read More »
A lack of a Bluetooth Low Energy (BLE) pairing mechanism leaves the smart IoT devices open to malicious manipulation.
Original release date: July 11, 2019 Atlassian has released security updates to address a vulnerability affecting Jira Server and Jira Data Center. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Atlassian Security Advisory 2019-07-10 and Canadian Centre for Cyber Security Advisory AV19-143 and apply the necessary updates or mitigations. This product is provided subject to this Notification and this Privacy & …
Read More »
The tech giant addressed a widely publicized Zoom bug with an automatic update mechanism usually reserved for removing malware.
GE Healthcare said an attacker could modify gas composition parameters within the devices’ respirator function.
Threatpost catches up with David Baker, the chief security officer at Bugcrowd, about the future of bug bounty programs.
After media scrutiny, the collaboration service has decided to address the zero-day after initially dismissing its severity.
Apple has disabled the Walkie Talkie app from its Apple Watch products after a vulnerability was discovered enabling bad actors to eavesdrop on iPhone conversations.