Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions' users. To be noted, Microsoft rushed to deliver patches almost two weeks before the upcoming monthly 'Patch Tuesday Updates' scheduled for 14th July. That's likely because both flaws reside in the … [Read more...] about Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws
Critical
Ripple20: Critical Vulnerabilities Might be Putting Your IoT/OT Devices at Risk
Cybersecurity researchers from JSOF have just published a set of 19 vulnerabilities, dubbed Ripple20 that are impacting the TCP/IP stack developed by Treck. This software stack is integrated into millions of systems used in the healthcare, transportation, manufacturing, telecoms and energy markets, potentially affecting a very large number of organizations and critical …
Critical Bugs and Backdoor Found in GeoVision’s Fingerprint and Card Scanners
GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could've potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks. In a report shared exclusively with The Hacker News, enterprise security firm Acronis said it …
The Importance of the Network in Detecting Incidents in Critical Infrastructure
As we saw in my last blog, the network plays a key role in defending critical infrastructure and IoT. The devices that we are connecting drive our business, enabling us to make smarter decisions and gain greater efficiency through digitization. But how do we ensure those connected devices are acting as intended? From an industrial operations perspective, we need to know that …
Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig
If you're using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could …
7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac's built-in terminal app. Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by …
The Criticality of the Network in Securing IoT and Critical Infrastructure
Security is the key to the success of any digital project, whether you are connecting critical infrastructure, industrial Internet of Things (IoT), or delivering data and telemetry to reduce costs and increase revenue. We have long advocated the need for a holistic approach to IoT security, and with it, shared the vital role the network plays in embedding security. To further …
DevSecOps: Blending Critical Operations and Cultures to Increase Data Security
Two major shifts are affecting organizational cybersecurity posture: digital product and service offerings are increasingly powered by mobile, cloud and data analytics; while developers of those products and services are migrating to Development Operations (DevOps) processes for greater agility and scale. Because both of these trends have security implications, CISOs are …
[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly
An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin—one of the widely used internet forum software, The Hacker News has learned. One of the reasons why the vulnerability should be viewed as a severe issue is not just because it is remotely exploitable, but also …
Update Google Chrome Browser to Patch New Critical Security Flaws
Google has released an urgent software update for its Chrome web browser and is urging Windows, Mac, and Linux users to upgrade the application to the latest available version immediately. Started rolling out to users worldwide this Wednesday, the Chrome 77.0.3865.90 version contains security patches for 1 critical and 3 high-risk security vulnerabilities, the most severe of …