WordPress Plugin WP Statistics Patches XSS Flaw

A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover.

ACSC Releases Updated Essential Eight Maturity Model

Original release date: July 5, 2019
The Australian Cyber Security Centre (ACSC) has released updates to its Essential Eight Maturity Model. The model assists organizations in determining the maturity of their implementation of the Essential Eight—ACSC’s list of the top mitigation strategies to help organizations protect their systems against adversary threats. The model identifies three levels of maturity for each mitigation strategy. ACSC is the government authority for providing protective security advice to the private sector and state and …

IBM Patches Critical, High-Severity Flaws in Spectrum Protect

IBM has disclosed multiple critical and high-severity flaws across an array of products, the most severe of which exist in its IBM Spectrum Protect tool.

Security Camera Firm Arlo Zaps High-Severity Bugs

Bugs in Arlo Technologies’ equipment allow a local attacker to take control of Arlo wireless home video security cameras.

Google July Android Security Bulletin Fixes 3 Critical RCE Bugs

Google fixed several critical and high-severity vulnerabilities in its Android operating system.

VMware Releases Security Advisory for Multiple Products

Original release date: July 2, 2019
VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply mitigations or patches, when available. This product is provided subject to this Notification and this Privacy & Use policy.

Vulnerability Summary for the Week of June 24, 2019

Original release date: July 1, 2019
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cesanta — mongoose | An issue was …

MongoDB Leak Exposed Millions of Medical Insurance Records

Millions of records containing personal information and medical insurance data were exposed by a database belonging to insurance marketing website

NCSC Releases Advisory on Ryuk Ransomware

Original release date: June 28, 2019
The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an advisory, Ryuk Ransomware Targeting Organisations Globally, on their ongoing investigation into global Ryuk ransomware campaigns and associated Emotet and TrickBot malware. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC advisory and the following for more information: Alert TA18-201A: Emotet Malware; Multi-State Information Sharing and Analysis Center (MS-ISAC) White Paper: Security Primer – TrickBot; Protecting Against Ransomware. This …

Death of the VPN: Enterprise Security Needs New Foundations

Twenty years in, enterprise VPNs occupy a uniquely solid position in a changing landscape.