Articles about Security

Microsoft issues emergency patches for critical PrintNightmare security flaw

Microsoft has released a series of out-of-band security patches for the PrintNightmare bug that was recently exposed. The remote code execution vulnerability exists in the Windows Print Spooler; it affects all versions of Windows, and the company is even offering patches for the unsupported Windows 7.

Previously, Microsoft had only been able to suggest workarounds to mitigate against the security problems, so it was left to 0patch to help out with a free bug-fix. But now patches are available for this serious security issue (CVE-2021-34527) that leaves systems at risk of attack.

Microsoft urges PowerShell users to upgrade to protect against critical vulnerability

Microsoft has issued a warning to users of PowerShell 7.0 and 7.1 to update their software to protect against a .NET Core remote code execution vulnerability.

Tracked as CVE-2021-26701, the vulnerability is described as critical and could affect Windows, macOS and Linux. The security issue has been known about for a little while, but Microsoft is only now urging users to install updates to ensure that they are protected.

0patch comes to the rescue with free micropatches for Windows PrintNightmare vulnerability

Micropatching specialist 0patch has stepped in to help out with a fix for the PrintNightmare vulnerability that was recently accidentally leaked by security researchers.

While Microsoft has acknowledged that there is a security flaw in Windows Print Spooler that could lead to remotely compromised systems, the company has only offered workarounds rather than a patch. And so 0patch -- no stranger to helping out in such situations -- has stepped up to the plate and issued free micropatches of its own.

Microsoft suggests workarounds for critical, unpatched PrintNightmare exploit

When security researchers inadvertently published technical details of a remote execution vulnerability in Windows Print Spooler thinking (wrongly) that it had been patched, there was concern about the implications.

And rightly so. Microsoft has confirmed people's worst fears, saying that the PrintNightmare security flaw is already being exploited. There is a little good news, however. The company also suggests some workarounds that can be used to protect systems until a patch is produced.

Tracing the ransomware family tree

Ransomware is behind many of the latest cyber attacks and it can be hard for defenders to track the ever-growing number of variants and the botnets behind them.

Threat intelligence company DomainTools has been taking a look at the booming underground economy surrounding ransomware with a focus on the most prolific ransomware families.

Security researchers accidentally leak PrintNightmare remote execution vulnerability in Windows print spooler

Security researchers have inadvertently leaked details of a critical Windows print spooler vulnerability, dubbed PrintNightmare, along with a proof-of-concept. The flaw -- said to be a Stuxnet-style zero-day -- can be exploited to completely compromise a Windows system.

Microsoft issued a patch for CVE-2021-1675, described as a "Windows Print Spooler Elevation of Privilege Vulnerability" last Patch Tuesday, and this is when things went wrong. Having seen that this patch had been published, security researchers then released technical details of what they thought was the same vulnerability, along with a proof-of-concept. But they had in fact released information about a different -- albeit similar -- vulnerability.

Manufacturing and healthcare among top targets for phishing attacks

A new report from cloud email and collaboration specialist Avanan shows healthcare and manufacturing as two of the top industries being targeted by hackers in the first half of the year.

The most attacked industries are IT, healthcare, and manufacturing. IT saw over 9,000 phishing emails in a one-month span, out of an average of 376,914 total emails. Healthcare saw over 6,000 phishing emails out of an average of 451,792 total emails and manufacturing saw just under 6,000 phishing emails out of an average of 331,184 total emails.

Businesses must focus on security as employees go back to the office

Consumers aren't paying attention to major cybersecurity attacks threatening operational technology and critical infrastructure, indicating that businesses must focus on security as employees return to the office.

A survey of over 2,000 people from across the US by asset visibility and security platform Armis reveals that over 21 percent of respondents haven't even heard about the cyberattack on the largest US fuel pipeline, and almost half (45 percent) of working Americans didn't hear about the attempt to tamper with Florida’s water supply.

Google launches unified initiative to boost open source security reporting

One of the problems with open source vulnerability databases is that each uses its own format to describe vulnerabilities and this makes tracking and sharing of vulnerabilities between databases difficult.

To address this and boost security, the Google Open Source Security team, Go team, and the broader open-source community have been developing a simple vulnerability interchange schema for describing vulnerabilities.

Millions of Dell devices at risk due to SupportAssist security vulnerabilities

Security researchers from Eclypsium have discovered a total of four vulnerabilities in Dell's SupportAssist software. As the software is pre-installed on the majority of Dell machines running Windows, millions of systems are at risk of remote attack.

Eclypsium says that a total of 129 Dell models are affected by the security issues. The chain of vulnerabilities that leaves systems open to attack has a cumulative CVSS score of 8.3 (High) and there is a warning that they "pose significant risks to the integrity of Dell devices".

98 percent of companies experience cloud data breaches

In the last 18 months 98 percent of companies in a new survey have experienced at least one cloud data breach -- up from 79 percent last year.

The research, conducted by IDC for cloud infrastructure company Ermetic, reveals that of the 200 CISOs and security decision makers surveyed, 67 percent report three or more breaches, and 63 percent say they had sensitive data exposed.

Smaller business' IT budgets prioritize remote work, security and cloud

The IT budgets of small and medium businesses will prioritize three things in the coming year: remote management (58.4 percent), security (55.9 percent), and cloud services (50.1 percent), according to a new report.

The latest State of the SME IT Admin Report from JumpCloud also reveals that 74 percent of the 400+ IT decision makers surveyed say remote work makes it harder for employees to follow good security practices.

Leveraging MISP and TheHive when you create your cyber threat intelligence practice

Many CISOs I speak with across Europe tell me their cybersecurity teams rely on two primary open-source platforms within their security operations (SecOps). The first is Malware Information Sharing Platform (MISP), which allows the storing and sharing of indicators of compromise (IoCs) with other MISP users. The second is TheHive, designed for security incident response (IR). The two solutions are tightly integrated so that SOCs, CERTs and any security practitioner can act more quickly when incidents happen.

For organizations with limited resources or just beginning to build a SecOps practice, MISP and TheHive are easy-to-use tools to help your teams react to malicious threats. The next step to proactively mitigate risk from the full breadth of threats your organization is facing is to leverage MISP and TheHive to create a cyber threat intelligence (CTI) practice. To do this, you need to consider a third platform that integrates with these two solutions and provides five essential capabilities for a CTI practice so your teams can get ahead of threats.

A majority of email links lead to malicious sites

A new email security report from GreatHorn reveals that 30 percent of links received by email lead to malicious sites.

Spoofed email accounts or websites are the most experienced form of a business email compromise (BEC) attack as 71 percent of organizations acknowledge they have seen one over the past year. This is followed by spear phishing (69 percent) and malware (24 percent).

AI will be used to unleash a global cyber incident in the next 12 months

New research from Deep Instinct finds that 78 percent of SecOps professionals are concerned that cyber adversaries will develop and deploy AI to cause a global cyber incident in the next 12 months.

The study of 600 IT and cybersecurity professionals finds more than half of respondents believe ransomware or zero-day attacks are the biggest threats to their organization.

© 1998-2025 BetaNews, Inc. All Rights Reserved.