Flaw in popular VPN service may have exposed customer data
NordVPN praised its bug bounty program and said that a fix had been shipped within two days
Vulnerability
KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices
ESET researchers uncover a previously unknown security flaw allowing an adversary to decrypt some wireless network packets transmitted by vulnerable devices
Plugin flaw leaves up to 200,000 WordPress sites at risk of attack
A fix is available, so you may want to make sure that you run the plugin’s latest version
Microsoft Patch Tuesday fixes IE zero‑day and 98 other flaws
February may be the shortest month of the year, but it brings a bumper crop of patches
Critical Bluetooth bug leaves Android users open to attack
Google releases a fix for the security hole that, if left unplugged, could allow attackers to run malicious code with no user interaction
New Internet Explorer zero‑day remains unpatched
You may want to implement a workaround or stop using the browser altogether, at least until Microsoft issues a fix
Microsoft patches severe Windows flaw after tip‑off from NSA
The US intelligence agency expects attackers to waste no time in developing tools aimed at exploiting the vulnerability
Millions of modems at risk of remote hijacking
Multiple cable modem models from various manufacturers found vulnerable to takeover attacks
Mozilla rushes out patch for Firefox zero‑day
The US cybersecurity agency warns that the critical vulnerability could allow attackers to take control of people's computers
It’s time to disconnect RDP from the internet
Brute-force attacks and BlueKeep exploits usurp convenience of direct RDP connections; ESET releases a tool to test your Windows machines for vulnerable versions
Microsoft issues patch for Internet Explorer zero‑day
The critical vulnerability could also be exploited via a malicious Microsoft Office document
First BlueKeep attacks prompt fresh warnings
The infamous vulnerability has been exploited for a cryptocurrency mining campaign, but more damaging attacks may still be in store
What was wrong with Alexa? How Amazon Echo and Kindle got KRACKed
ESET Smart Home Research Team uncovers Echo, Kindle versions vulnerable to 2017 Wi-Fi vulnerabilities
Microsoft rushes out patch for Internet Explorer zero‑day
There is no word on which threat actor is abusing the severe vulnerability for attacks
Microsoft warns of new BlueKeep‑like flaws
Unlike BlueKeep, however, these vulnerabilities affect more recent Windows versions, including Windows 10
VLC player has a critical flaw – and there’s no patch yet (updated)
On the flip side, there are currently no known cases of the vulnerability being exploited in the wild
BlueKeep patching isn’t progressing fast enough
Keeping up with BlueKeep; or how many internet-facing systems, and in which countries and industries, remain ripe for exploitation?
Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks
ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows
Critical bug found in popular mail server software
If exploited, the security hole in Exim could allow attackers to run arbitrary commands on vulnerable mail servers
NSA joins chorus urging Windows users to patch ‘BlueKeep’
The alert comes on the heels of Microsoft’s second advisory calling on people to take action before it’s too late