Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2

The Ukrainian Energy Ministry has been hit by a ransomware attack – and for once it looks like this is the work of amateurs, not nation-state attackers bent on making a geopolitical point. However, the bad actors appear to have made use of the recently patched Drupal vulnerability, pointing out y...

Vulnerabilities are a Cybercriminal’s Best Friend

When discussions around the ways cybercriminals and hackers are able to compromise and penetrate an organization, it regularly leads to the use of exploits and exploit kits. Because all software can contain flaws and bugs, a threat actor only has to either find a new, undisclosed vulnerability...

[SECURITY] Fedora 26 Update: patch-2.7.6-3.fc26

The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...

Solaris 10 (sparc) : 139291-02

SunOS 5.10: pgadmin3 sources patch. Date this patch was last updated by Sun : Apr/13/12 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Solaris 10 (sparc) : 148004-01

SunOS 5.10: libpixbufloader-gif.so patch. Date this patch was last updated by Sun : May/07/12 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Solaris 10 (x86) : 125138-71

JavaSE 6x86: update 71 patch equivalent to JDK 6u71. Date this patch was last updated by Sun : Jan/14/14 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc...

Recline on the Qualys Couch: Examining Patching Behavior

In a perfect world, organizations would patch vulnerabilities immediately after they’re disclosed, preemptively blocking exploits and dodging most cyber attacks. Of course, reality is far from that hypothetically ideal state. Organizations often leave critical vulnerabilities unpatched for months...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of February 19, 2018

Earlier this week, Trend Micro released its Security Roundup for 2017, which reveals an increase in ransomware, cryptocurrency mining and business email compromise BEC attempts over the past year as cybercriminals refined and targeted their attacks for greater financial return. Surprisingly, some...

Securing IT Assets By Prioritizing Protection And Remediation

As hackers get faster at weaponizing exploits for disclosed bugs, InfoSec teams need — more than ever — automated, continuous and precise IT asset inventorying, vulnerability management, threat prioritization and patch deployment. Critical vulnerabilities that linger unpatched for weeks or months...

Meltdown and Spectre Aren’t Business as Usual

The new year brought a new vulnerability type — the CPU-based Meltdown and Spectre bugs — that’s forcing vendors and IT departments to modify long-standing ways of identifying threats, prioritizing remediation, managing patches and evaluating risk. “Meltdown and Spectre are different...

“Ready Player One” – Are you Ready to Protect Your Endpoints from the Bad Guys?

At times it can feel like a game as you watch the cyber-breach scorecards. Yahoo 3 billion users, Equifax 143 million consumers, Uber 57 million users, Imgur 1.7 million users are just a sample of the companies that have released new information on large breaches in the last few months...

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of December 4, 2017

It snowed in Austin, Texas last night. It’s not a big deal for those of you who live in areas where you’re used to snow, but for those of us who are native Texans, it’s a big deal. Funny enough, I had scheduled a maintenance appointment for later today to make sure our heater is in working order...

abc.com.lb XSS vulnerability

Vulnerable URL: http://www.abc.com.lb/site/search?type=1='" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 16.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 691434 VIP website status:| No Check abc.com.lb SSL connection:| Grade: B...

The Latest on WannaCry, UIWIX, EternalRocks and ShadowBrokers

Ransomware has gained global attention over the course of the last two weeks due to the huge spread of WannaCry. Following the initial attacks, we’ve seen UIWIX, Adylkuzz and now EternalRocks come onto the scene leveraging the same core set of vulnerabilities. The common thread between the three...

Why “Just Patch It!” Isn’t as Easy as You Think

At the Zero Day Initiative ZDI, we see patches in a way few do. We get the initial report from a researcher, we verify the issue internally, we notify the vendor, and finally we publish some details once a patch is released. Those patches represent the best method for preventing cyber attacks...

WannaCry about Vulnerability Management

Nearly all mainstream media wrote today about massive ransomware attacks around the world: 16 medical institutions in UK, strong rumours that huge companies in Russia, and even Russian Ministry of Internal Affairs suffered a damage. At this moment Kaspersky recorded more than 45,000 attacks in 74...

Virtual Patching: A Lifesaver for Web App Security

Here’s a common scenario organizations increasingly face: Too many web apps with too many vulnerabilities and no chance for immediate remediation. In the interim, the organization is left exposed to potentially devastating breaches, at a time when web apps have become one of cyber attackers’...

Protecting Your Web Apps with AppSpider Defend Until They Can Be Patched

AppSpider scans can detect exploitable vulnerabilities in your applications, but once these vulnerabilities are detected how long does it take your development teams to create code fixes for them? In some cases it could take several days to weeks before a fix/patch to resolve the vulnerability ca...

Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series

Despite the disruption of Axpergle Angler, which dominated the landscape in early 2016, exploit kits as a whole continued to be a threat to PCs running unpatched software. Some of the most prominent threats, from malvertising to ransomware, used exploit kits to infect millions of computers...

FTC sets $25,000 Prize for Automatic IoT Patch Management Solution

The U.S. Federal Trade Commission has announced a "prize competition" for creating a software or hardware-based solution with the ability to auto-patch vulnerable Internet of Things IoT devices. Today we are surrounded by a number of Internet-connected devices. Our homes are filled with tiny...