Security News

ZLoader-Laced Emails Masquerade As CVs From Job-Seekers
2020-06-04 10:00

Cybercriminals are taking advantage of the massive uptick in unemployment across the U.S. in a recent spear-phishing campaign, which purports to be CVs sent from job-seekers - but actually spreads banking credential-stealing malware. Researchers recently uncovered emails that distributed malicious files masquerading as resumes and CVs. The files, attached in Microsoft Excel format, were sent via email with subject lines such as: "Applying for a job" or "Regarding job." As victims opened the attached files, they were asked to "Enable content."

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers
2020-05-04 02:00

Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. Built as a utility to monitor and update the state of servers, Salt employs a master-slave architecture that automates the process of pushing out configuration and software updates from a central repository using a "Master" node that deploys the changes to a target group of "Minions" en masse.

A third of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and above
2020-02-19 06:00

Risk Based Security's VulnDB team aggregated 22,316 newly-disclosed vulnerabilities during 2019, finding that 37.26% had available exploit code or a Proof of Concept and that 33.43% of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and above. Risk Based Security also identified a total of 302 vulnerabilities impacting Electronic Voting Machines, 289 of which have no known solution.

Cybersecurity breach experience strengthens CVs
2019-09-26 05:00

It is in businesses’ best interest to hire cybersecurity leaders who have suffered an avoidable breach, because of the way it changes how security professionals think, feel and behave, according...

Stop Using CVSS to Score Risk
2019-09-10 13:07

The mechanics of prioritizing one vulnerability’s business risk over another has always been fraught with concern. What began as securing business applications and infrastructure from...

CVSS 3.1: Refined and updated for easier adoption by the security community
2019-07-15 04:45

The Forum of Incident Response and Security Teams (FIRST) has published an update of its internationally recognized Common Vulnerability Scoring System (CVSS). CVSS is a common scoring system...

FIRST Announces CVSS Version 3.1
2019-07-12 13:39

The Forum of Incident Response and Security Teams (FIRST) on Friday announced version 3.1 of the Common Vulnerability Scoring System (CVSS). CVSS is a widely adopted standard for rating the...

CVSS Scores Often Misleading for ICS Vulnerabilities: Experts
2018-11-16 05:59

While the Common Vulnerability Scoring System (CVSS) can be useful for rating vulnerabilities, the scores assigned to flaws affecting industrial control systems (ICS) may be misleading, which can...

Vulnerabilities’ CVSS scores soon to be assigned by AI
2018-11-05 11:57

The National Institute of Standards and Technology (NIST) is planning to use IBM’s Watson to evaluate how critical publicly reported computer vulnerabilities are and assign an appropriate severity...