Microsoft releases emergency patches for Internet Explorer zero-day and Windows Defender flaw


Microsoft has released a pair of emergency patches, one for a remote code execution zero-day in Internet Explorer, and one for a denial of service vulnerability in Windows Defender.
In the case of Internet Explorer, the security flaw -- discovered by Clément Lecigne from Google's Threat Analysis Group -- is being actively exploited. Microsoft describes it as a "scripting engine memory corruption vulnerability", and has assigned it CVE-2019-1367.
3 must-do tasks to make vulnerability management useful in today's environments


I recently heard an executive describe how his team essentially threw its vulnerability report in the trash every time they received one. This seemed a bit extreme, but he informed a group of conference attendees that it wasn’t because the vulnerability reports didn’t contain important information -- it was because they have become so overwhelming.
Vulnerability management vendors today are routinely scanning for more than 100,000 vulnerabilities. Imagine the strain that places on an organization if even only a fraction of these vulnerabilities are found within their network. Then consider the feeling associated with the knowledge that there is no possible way to address them all in an effective time frame that will ensure that you are not at risk.
'Why am I right for the CISO job? Well, we had a massive data breach...'


A new study from Optiv Security shows that 58 percent of CISOs think experiencing a data breach makes them more attractive to potential employers.
The survey results show a fundamental change in how senior executives and board members perceive cybersecurity, with 96 percent agreeing that senior executives have a better understanding than they did five years ago.
Network-based solution offers SMBs enterprise-class security


A new network-based internet security solution from Comcast is specifically engineered to help small businesses effectively manage the growing risk of cyberattacks.
Comcast Business SecurityEdge works to protect devices connected to a business' Wi-Fi network against existing and emerging internet-related threats, including malware, ransomware, phishing and botnet infections, without requiring additional hardware or software beyond the Comcast Business Internet modem.
Disclosing vulnerabilities improves security for everyone


According to a new study 90 percent of IT professionals believe disclosing vulnerabilities serves a broader purpose of improving how software is developed, used and fixed.
The survey from application security testing specialist Veracode finds more than a third of companies received an unsolicited vulnerability disclosure report in the past 12 months, representing an opportunity to work together with the reporting party to fix the vulnerability and then disclose it, improving overall security.
Automated attacks on eCommerce get more sophisticated


The sophistication level of bots attacking eCommerce sites is on the rise according to a new report from cybersecurity company Imperva.
Traffic to eCommerce sites is made up of 17.7 percent bad bots, 13.1 percent good bots and 69.2 percent humans, the findings show, and the bad bots are getting better -- but not in a good way.
Cross-Site Request Forgery: How to protect your app from CSRF attacks


The rise of cyber-attacks in the last few years is stunning. The list of targeted organizations includes big name retailers like Macy’s, social sites like Twitter, banks, hospitals, utility companies, governments, military installations… no organization is exempt from this growing threat.
It’s a massive -- and expensive -- problem to fix. The cyber security market is predicted to grow from $150 billion in 2018 to $250 billion by 2023, to help protect apps and businesses from these risks. One of the most common, yet potentially highly dangerous, risks is known as Cross-Site Request Forgery or CSRF.
New open source tool helps prevent brute force and ransomware attacks


Ransomware attacks are a major problem and they often gain access to systems via brute-force attacks against open and exposed remote access points such as Remote Desktop Protocol.
Cloud-native virtual application delivery platform Cameyo is launching its new RDP Port Shield security technology, along with a free, open source monitoring tool that any organization can use to identify attacks taking place over RDP in their environment.
Information security needs to focus on the human factor


Human error has become one of the biggest contributors to data breaches. Organizations have traditionally relied on the effectiveness of technology controls but haven't addressed the fundamental reasons why humans make mistakes and are susceptible to manipulation.
A new report from the Information Security Forum finds that by helping staff understand how these vulnerabilities can lead to poor decision making and errors, organizations can better manage risk.
Saudi IT providers hit by supply chain attacks


Researchers at cybersecurity company Symantec have uncovered a new threat group dubbed 'Tortoiseshell' that is attacking IT providers.
The research has identified 11 targets, most of them in Saudi Arabia. In two cases hundreds of hosts were infected, probably because the attackers were hunting for machines that were of particular interest.
Healthcare industry needs treatment to improve data security


The healthcare sector collects a lot of detailed information about its clients and that makes it a prime target for cybercriminals.
A new report from SecurityScorecard confirms this, aggregating data from a number of different sources it reveals that healthcare remains the most breached industry.
Sneaky cryptocurrency-mining malware Skidmap hits Linux


Security researchers at TrendMicro have discovered a rootkit-like strain of malware that is striking Linux users. Called Skidmap, the malware is a cryptocurrency miner, but there is much more to it than that.
Skidmap is clever. Very clever. It goes out of its way to disguise itself, going as far as faking system statistics to hide the tell-tale high CPU usage that might give it away. More than this, the Monero-mining malware can also give attackers unlimited access to an infected system.
LastPass fixes bug that exposed passwords


The browser extensions for password management tool LastPass suffered from a vulnerability that meant users' passwords could be leaked, a Google Project Zero researcher reported.
Affecting the Chrome and Opera extensions, the vulnerability meant that malicious websites could trick LastPass into exposing usernames and passwords. LastPass explains that the problem stemmed from a "limited set of circumstances" that allowed for clickjacking. The good news is that the security flaw has been patched.
Cloud-based security module helps protect systems and ensure compliance


Protecting sensitive data and meeting compliance rules is an issue for all companies. A new cloud-based module offers on-demand encryption to allow businesses to meet their security needs.
The hardware security module (HSM) from nCipher Security is called nShield and, delivered as a service, can be used in cloud-first strategies, selective cloud migration, or to add HSM capacity to handle workload spikes.
FireMon launches security process automation


As businesses dash towards digital transformation initiatives and the cloud, the pressure to secure both systems and data becomes more intense.
One answer to this is a security automation approach that enables growth while providing visibility across all cloud environments, responding to critical incidents and protecting for governance, risk and regulation compliance.
Recent Headlines
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.