BlueKeep patching isn’t progressing fast enough
Keeping up with BlueKeep; or how many internet-facing systems, and in which countries and industries, remain ripe for exploitation?
Vulnerability
Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks
ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows
Critical bug found in popular mail server software
If exploited, the security hole in Exim could allow attackers to run arbitrary commands on vulnerable mail servers
NSA joins chorus urging Windows users to patch ‘BlueKeep’
The alert comes on the heels of Microsoft’s second advisory calling on people to take action before it’s too late
Patch now! Why the BlueKeep vulnerability is a big deal
What you need to know about the critical security hole that could enable the next WannaCryptor
EternalBlue reaching new heights since WannaCryptor outbreak
Attack attempts involving the exploit are in hundreds of thousands daily
Bug in EA’s Origin client left gamers open to attacks
The gaming company has rolled out a fix for the remote code execution vulnerability, so make sure you run the platform's latest version
WPA3 flaws may let attackers steal Wi‑Fi passwords
The new wireless security protocol contains multiple design flaws that hackers could exploit for attacks on Wi-Fi passwords
‘Highly critical’ bug exposes unpatched Drupal sites to attacks
Worse, attackers have already been spotted targeting the flaw to deliver cryptocurrency miners and other payloads
EU offers bug bounties on popular open source software
The program with a prize pool of almost US$1 million aims to leverage the ‘power of the crowd’ in order to prevent another Heartbleed
Microsoft issues emergency fix for Internet Explorer zero‑day
Details are sparse about a security hole that Microsoft said is being exploited in targeted attacks
PowerPool malware exploits ALPC LPE zero‑day vulnerability
Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure
Can cramming code with bugs make it more secure? Some think so
Unbeknownst to exploit writers, the seemingly mouth-watering bugs would be bogus and non-exploitable
Software bugs put nearly 100 million health records at risk of exposure
The slew of vulnerabilities – since patched – were found without the use of automated testing tools
HP offers rewards for hacking its printers
But don’t get too excited just yet: the first-of-its-kind bug bounty program for printers is invite-only for now
Bluetooth bug could expose devices to snoopers
Patches have already been released or are expected to see the light of day soon
Open source code is ubiquitous and so are many vulnerabilities
One-third of audited codebases that contain Apache Struts suffer from the same vulnerability that facilitated the Equifax hack a year ago
A tale of two zero‑days
Double zero-day vulnerabilities fused into one. A mysterious sample enables attackers to execute arbitrary code with the highest privileges on intended targets
One year later: EternalBlue exploit more popular now than during WannaCryptor outbreak
The infamous outbreak may no longer be causing mayhem worldwide but the threat that enabled it is still very much alive and posing a major threat to unpatched and unprotected systems
Drupal releases patch fixing “highly critical” flaw
The update plugs a security hole that exposes a million Drupal websites to attacks