Exploitation of software vulnerabilities has become one of the most popular ways to gain access to users’ machines, but F-Secure is reinforcing its exploit defenses with enhanced proactive protection.
While IT security professionals recognize the threat posed by unwitting employees, many still admit to allowing administrative privileges to go unmanaged, making organizations increasingly vulnerable to malware exploits and unauthorized software, according to Avecto.
Less than two weeks after Google researcher Tavis Ormandy released information about a new Windows zero-day vulnerability on the Full Disclosure mailing list and asked for help in creating an exploit, he has returned with one and added that there is another one already in circulation.
The debate regarding responsible vulnerability disclosure and full vulnerability disclosure has been started many times in the past, and it's an issue that will continue to be debated in the future even though the likelihood of reaching a consensus is practically nil.
Administrators of servers running Ruby on Rails are advised once again to upgrade to the latest versions of the framework (3.2.11, 3.1.10, 3.0.19, and 2.3.15), as a vulnerability that exists in previous versions is being actively exploited in the wild to rope servers into an IRC botnet.