An anonymous security researcher called SandboxEscaper has publicly shared a second zero-day exploit that bypasses a recently patched vulnerability in the Microsoft Windows operating system. Dubbed ByeBear, the new exploit abuses Microsoft Edge browser to write discretionary access control list (DACL) as SYSTEM privilege. “It’s going to increase the threadRead More…
China’s Huawei Technologies needs to raise its “shoddy” security standards which fall below rivals, a senior British cyber security official said on Thursday, as the company came under increasing pressure internationally, a Reuters report said. The US has led allegations that Huawei’s equipment can be used by Beijing for espionageRead More…
A zero-day vulnerability has been found that affects Windows systems with active Remote Desktop Protocol (RDP) sessions. Called CVE-2019-9510, the vulnerability lies in Windows RDP Network Level Authentication(NLA) that allows attackers to bypass Windows lock screen and permit unauthorized access to the system. Those systems with Windows 10 (version 1803Read More…
A Google Project Zero researcher has discovered a memory corruption bug in the Microsoft’s Windows Notepad application, which can be used to open remote shell access – typically a first step for attackers infiltrating a system. The researcher noted in a tweet that that the bug was tied to aRead More…
Flipboard has said that a security breach has led to the leak of usernames, email addresses, and protected passwords accessed by hackers. Company officials said that between June 2018 and April 2019, attackers gained unauthorized access to the Flipboard database and “potentially obtained copies” of some databases. However, it has notRead More…
IBM Security today announced the results of a Middle East study exploring organizations’ preparedness in the Kingdom of Saudi Arabia (KSA) and the United Arab Emirates (UAE) when it comes withstanding and recovering from a cyber attack. The study, conducted by Ponemon Institute and sponsored by IBM Resilient, found thatRead More…
Centrify, a leading provider of cloud-ready Zero Trust Privilege to secure modern enterprises, today announced results of a new survey in partnership with TechVangelism that indicate the majority of organizations are ill-prepared to protect themselves against privileged access abuse, the leading cyber-attack vector. Seventy-nine percent of organizations do not haveRead More…
FireEye, announced the acquisition of Verodin, the leader in validating the effectiveness of cyber security controls. The transaction, valued at approximately $250 million in cash and stock will significantly enhance the FireEye portfolioRead More…
