By: Jindrich Karasek and Augusto Remillano II Elasticsearch is no stranger to cybercriminal abuse given its popularity and use to organizations. In fact, this year’s first quarter saw a surge of attacks — whether by […]

Must have been the cyber security course’s day off Lancaster University – which offers a GCHQ-accredited degree in security – has been struck by a “sophisticated and malicious phishing attack” that resulted in the leak […]

A security hole affecting the free and open source ProFTPD file transfer protocol (FTP) server can be exploited to copy files to vulnerable servers and possibly execute arbitrary code. read more Source: ProFTPD Vulnerability Can […]

Original release date: July 22, 2019 As part of the effort to #Protect2020 , the Cybersecurity and Infrastructure Security Agency (CISA) is working with national partners to build resilience to foreign interferences, particularly information activities […]

This is the second part of a blog post from the Microsoft Security Response Center. It examines the classes of vulnerabilities introduced in modern systems programming languages, like C/C++, and makes the case for replacing […]

Enlarge (credit: One of the slides posted to Github ) A security researcher has published a detailed guide that shows how to execute malicious code on Windows computers still vulnerable to the critical BlueKeep vulnerability. […]

A fascinating read with great technical analysis of many memory-related security vulnerabilities. This is one of a series of blogs aimed at encouraging developers to move from C/C++ to perceived memory-safe languages, like Rust. Read […]

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 12 and July 19. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post […]