- October 28, 2019Administrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute remote code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.
- October 18, 2019In 2017, EternalBlue was the driving force behind one of the nastiest ransomware outbreaks on record. And despite available fixes, it is still being used by malware today—from ransomware to widespread cryptocurrency miners.
- October 02, 2019A zero-day attack exploits an unpatched vulnerability. Until a patch becomes available, it is often a race between threat actors trying to exploit the flaw and vendors or developers rolling out a patch to fix it.
- September 09, 2019Metasploit has published an exploit for the BlueKeep vulnerability (CVE-2019-0708), a much-discussed critical weakness that affects older versions of Microsoft Windows. The "wormability" of BlueKeep makes it dangerous, and id successfully exploited,
- August 08, 2019Another Mirai offshoot spotted: A variant of the Echobot botnet was found using over 50 exploits that lead to remote code execution (RCE), arbitrary command execution, and command injection in internet of things (IoT) devices.
- August 06, 2019There’s a new player in the exploit kit landscape. Dubbed Lord, this new exploit kit was initially seen delivering the njRAT malwarebefore distributing the Eris ransomware. Here's what you need to know about this threat.
- July 30, 2019The different threat scenarios that can happen to a smart home illustrate that compromised IoT devices can affect not just users' comfort and convenience but also their safety.
- July 29, 2019Hackers use fileless threats to take advantage of existing applications and attack systems. Here we discuss noteworthy events, techniques, and best practices that can help identify fileless threats and defend against attacks.
- July 23, 2019The US Department of Education released a security advisory on ERP vulnerabilities after 62 institutions were infiltrated, stealing students' IDs to create fake accounts.