Category Archives: Enterprise

Ransomware disrupts worldwide production for Belgian aircraft parts maker

ASCO Industries, a manufacturer of aerospace components with headquarters in Zaventem, Belgium, has been hit with ransomware, which ended up disrupting its production around the world. The attack reportedly started on Friday and the extent of the internal damage is still unknown. About ASCO Industries ASCO Industries is a privately held company that was acquired by Kansas-based Spirit AeroSystems in 2018. At the time it had 1,400 employees world-wide. It designs and manufactures wing components, … More

The post Ransomware disrupts worldwide production for Belgian aircraft parts maker appeared first on Help Net Security.

Lack of visibility and IT staff availability: The main challenges of enterprise decentralization

Enterprise IT reckons with fundamental changes to their networking infrastructure, teams are being stretched to the limit, requiring a new approach to network monitoring and management to regain visibility into all users and locations, the AppNeta report reveals. Stemming from the larger trend of enterprise decentralization, the report finds that a lack of IT staff availability was the top hindrance to issue resolution (25.6 percent) when end users report complaints, and the effects are trickling … More

The post Lack of visibility and IT staff availability: The main challenges of enterprise decentralization appeared first on Help Net Security.

BlueKeep RDP flaw: Nearly a million Internet-facing systems are vulnerable

Two weeks have passed since Microsoft released security fixes and mitigation advice to defang expected exploits taking advantage of CVE-2019-0708 (aka BlueKeep), a wormable unauthenticated remote code execution flaw in Remote Desktop Services (RDP). The vulnerability, reported by UK’s National Cyber Security Centre (NCSC), has the potential to be the means for attacks that could rival the 2017 WannaCry onslaught and NotPetya attacks. A recent scanning effort by Robert Graham, head of offensive security research … More

The post BlueKeep RDP flaw: Nearly a million Internet-facing systems are vulnerable appeared first on Help Net Security.

CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel

Red Hat engineers and experts discovered a memory corruption vulnerability in Linux kernel, which is basically a flaw while implementation of RDS (Remote desktop Protocol) over TCP. This flaw has affected Red Hat, Ubuntu, Debian and SUSE and security advisories have been issued for all. This flaw could enable an…

How mainstream media coverage affects vulnerability management

For better or for worse, mainstream media is increasingly covering particularly dangerous, widespread or otherwise notable security vulnerabilities. The growing coverage has made more people aware of the risks and of the need to keep their various devices (software) up-to-date and, with the increased digitization of our everyday lives, I would say that’s a definitive plus. But among those people are also partners and regulators, and executives and boards of directors who may demand their … More

The post How mainstream media coverage affects vulnerability management appeared first on Help Net Security.

If you haven’t yet patched the BlueKeep RDP vulnerability, do so now

There is still no public, working exploit code for CVE-2019-0708, a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target running Remote Desktop Protocol (RDP). But, as many infosec experts have noted, we’re not far off from when one is created and leveraged by attackers in the wild. With the vulnerability being wormable, when it hits, the exploit could end up compromising millions of systems around the world, … More

The post If you haven’t yet patched the BlueKeep RDP vulnerability, do so now appeared first on Help Net Security.

How to write an effective data breach notification?

Data breach notifications sent by companies to affected customers are often unclear and not very helpful, University of Michigan researchers have found. The problem(s) The researchers have analyzed 161 data breach notifications sent by companies to US consumers between January and June 2018, and discovered that: Most were lengthy and would be difficult to understand for the general public (they require advanced reading skills). Many companies downplay or obscure the likelihood of the receiver being … More

The post How to write an effective data breach notification? appeared first on Help Net Security.