Vulnerabilities & Exploits

We looked back at 2018’s mobile threat landscape to see the possible threats that lie ahead and help users and organizations proactively defend against them.

CVE-2019-5736 is a vulnerability involving the runC runtime component, which is used for container platforms such as Docker and container orchestration platforms such as Kubernetes.

Looking back at the most significant issues of 2018, we saw shifting cybercriminal strategies and lingering security threats. Enterprises faced a multitude of challenges, but careful study of these issues can present opportunities for improvement.

Owners and administrators of WordPress websites that use the “Total Donations” plugin are advised to remove the plugin after a zero-day vulnerability and design flaws were seen actively exploited in the wild.

Radio frequency (RF) technology is being used in operations to control various industrial machines. However, the lack of implemented security in RF communication protocols could lead to production sabotage, system control, and unauthorized access.

Fileless threats aren’t as visible compared to traditional malware and employ a variety of techniques to stay persistent. Here's a closer look at how fileless malware work and what can be done to thwart them.

Our security predictions for 2019 are based on our experts’ analysis of the progress of current and emerging technologies, user behavior, and market trends, and their impact on the threat landscape.

Two Adobe Flash zero-day vulnerabilities using Microsoft documents are seen in an ongoing spam campaign. Users and enterprises using legacy systems are advised to patch immediately to prevent these critical flaws abused for possible attacks.

Users of Apache Struts are encouraged to make a necessary update to prevent two vulnerabilities from being exploited and used for remote code execution and denial-of-service attacks.