Archive for the ‘cyber security’ Category

Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library

July 9th, 2019
Lodash, a popular npm library used by more than 4 million projects on GitHub alone, is affected by a high severity security vulnerability that could allow attackers to compromise the security of affected services using the library and their respective user base. Lodash is a JavaScript library that contains tools to simplify programming with strings, numbers, arrays, functions, and objects,

Posted in cyber security, GitHub, hacking news, javascript injection, Lodash, Open Source, Prototype Pollution, Vulnerability, Web Framework | Comments (0)

Cynet Launches Free Offering For Incident Response Service Providers

July 9th, 2019
More and more, organizations take the route of outsourcing incident response to Managed Security Service Providers. This trend is distinct regardless of the organization's cyber maturity level and can be found across a wide range of cyber maturity, from small companies with no dedicated security team to enterprises with a fully equipped SOC. The hands of the incident response service

Posted in cyber security, Cynet, Enterprise Security, incident response, network security | Comments (0)

Flaw in Zoom Video Conferencing Software Lets Websites Hijack Mac Webcams

July 9th, 2019
If you use Zoom video conferencing software on your Mac computer—then beware—any website you're visiting in your web browser can turn on your device camera without your permission. Ironically, even if you had ever installed the Zoom client on your device and simply uninstalled it, a remote attacker can still activate your webcam. Zoom is one of the most popular cloud-based meeting platforms

Posted in cyber security, hacking news, hacking webcam, Mac security, Video Conferencing Software, video hack, Vulnerability, web server, webcam hacking | Comments (0)

Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

June 21st, 2019
If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities, besides many other medium- and

Posted in arbitrary code execution, Buffer Overflow, cyber security, hacking news, media player, Software vulnerabilities, VLC media player, Vulnerability | Comments (0)

Gain the Trust of Your Business Customers With SOC 2 Compliance

June 19th, 2019
In today's business environment, data is what matters most. It matters to organizations that monetize it into operational insights and optimisations, and it matters the threat actors that relentlessly seek to achieve similar monetisation by compromising it. In the very common scenario in which organisation A provides services to organization B, it’s imperative for the latter to be absolutely

Posted in cyber security, cyber security compliance, cybersecurity webinar, SaaS provider, SOC 2 Audits, SOC 2 compliance, webinar | Comments (0)

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now

June 19th, 2019
Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by an unnamed group of attackers. Oracle WebLogic is a Java-based multi-tier enterprise application

Posted in cyber security, Deserialization Vulnerability, hacking news, Oracle WebLogic Server, remote code execution, Vulnerability, Zero-Day Vulnerability | Comments (0)

Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks

June 19th, 2019
Important Update [21 June 2019]—Mozilla on Thursday released another update Firefox version 67.0.4 to patch a second zero-day vulnerability. If you use the Firefox web browser, you need to update it right now. Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting

Posted in cyber security, Download Firefox, mozilla security, software update, Vulnerability, zero-day | Comments (0)

5 Keys to Improve Your Cybersecurity

June 18th, 2019
Cybersecurity isn't easy. If there was a product or service you could buy that would just magically solve all of your cybersecurity problems, everyone would buy that thing, and we could all rest easy. However, that is not the way it works. Technology continues to evolve. Cyber attackers adapt and develop new malicious tools and techniques, and cybersecurity vendors design creative new ways to

Posted in business cybersecurity, Cyber Attack, cyber security, cybersecurity, Device security, Enterprise Security, hacking news, malware detection | Comments (0)

Critical Flaw Reported in Popular Evernote Extension for Chrome Users

June 13th, 2019
Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed. Evernote is a popular service that helps people taking notes and organize their to-do task lists, and over 4,610,000 users have been using its Evernote Web Clipper Extension for Chrome

Posted in Browser extensions, chrome, chrome extension, Cross site scripting, cyber security, Universal XSS, Web Application Security, Web Application Vulnerability, website hacking | Comments (0)

When Time is of the Essence – Testing Controls Against the Latest Threats Faster

June 12th, 2019
A new threat has hit head the headlines (Robinhood anyone?), and you need to know if you're protected right now. What do you do? Traditionally, you would have to go with one of the options below. Option 1 – Manually check that IoCs have been updated across your security controls. This would require checking that security controls such as your email gateway, web gateway, and endpoint

Posted in Breach and attack simulation. BAS solutions, Cyber Attack, cyber security, data breach, endpoint security, Enterprise Security, malware protection software | Comments (0)