A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover.
Original release date: July 5, 2019. The Australian Cyber Security Centre (ACSC) has released updates to its Essential Eight Maturity Model. The model assists organizations in determining the maturity of their implementation of the Essential Eight—ACSC’s list of the top mitigation strategies to help organizations protect their systems against adversary threats. The model identifies three levels of maturity for each mitigation strategy. ACSC is the government authority for providing protective security advice to the private sector and state and …
IBM has disclosed multiple critical and high-severity flaws across an array of products, the most severe of which exist in its IBM Spectrum Protect tool.
Bugs in Arlo Technologies’ equipment allow a local attacker to take control of Arlo wireless home video security cameras.
Google fixed several critical and high-severity vulnerabilities in its Android operating system.
Original release date: July 2, 2019. VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply mitigations or patches, when available.
Original release date: July 1, 2019 The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info cesanta — mongoose An issue was …
Millions of records containing personal information and medical insurance data were exposed by a database belonging to insurance marketing website MedicareSupplement.com.
Original release date: June 28, 2019. The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an advisory, Ryuk Ransomware Targeting Organisations Globally, on their ongoing investigation into global Ryuk ransomware campaigns and associated Emotet and TrickBot malware. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC advisory and the following for more information: Alert TA18-201A: Emotet Malware; Multi-State Information Sharing and Analysis Center (MS-ISAC) White Paper: Security Primer – TrickBot; Protecting Against Ransomware. This …
Twenty years in, enterprise VPNs occupy a uniquely solid position in a changing landscape.