VMware informed customers in mid-March that it had patched a high-severity privilege escalation vulnerability in Fusion, Remote Console (VMRC) and Horizon Client for Mac. The flaw, tracked as CVE-2020-3950, can be exploited by an attacker with regular user privileges to escalate privileges to root. The researchers who independently reported the issue to VMware, Rich Mirch…

The number of vulnerabilities disclosed in Q1 2020 has decreased by 19.8% compared to Q1 2019, making this likely the only true dip observed within the last 10 years, Risk Based Security reveals. Vulnerabilities disclosed in Q1 2020: What happened? Many factors have been identified as potential contributors to this decline, including the COVID-19 pandemic,…

Greenbone Networks revealed the findings of a research assessing critical infrastructure providers’ ability to operate during or in the wake of a cyberattack. The cyber resilience of critical infrastructures The research investigated the cyber resilience of organizations operating in the energy, finance, health, telecommunications, transport and water industries, located in the world’s five largest economies:…

Senior security leaders within financial services companies are being challenged with a lack of trusted data to make effective security decisions and reduce their risk from cyber incidents, according to Panaseer. Results from a global external survey of over 400 security leaders that work in large financial services companies reveal concerns on security measurement and…

The telecommunications, retail and financial services industries have been increasingly impacted by COVID-19 online fraud, according to TransUnion. From a consumer perspective, Millennials have been most targeted by fraudsters using COVID-19 scams. Overall, the percent of suspected fraudulent digital transactions rose 5% from March 11 to April 28 when compared to Jan. 1 to March…

The plugin, Site Kit by Google, was designed to provide site admins with information on how people find and use their websites, providing insights from critical Google tools, straight to the WordPress dashboard. The plugin has over 400,000 active installations. The recently identified security flaw, which has already been patched by Google, is rated critical…

Security measures and password best practices have not taken priority in many regions during the shift to remote work due to the COVID-19 pandemic, according to a survey by OneLogin. Nearly 1 in 5 (17.4%) global respondents have shared their work device password with either their spouse or child, potentially exposing corporate data. External threats…

Entrust Datacard released the findings of its survey which highlights the critical need to address data security challenges for employees working from home as a result of the pandemic based on responses from 1,000 US full-time professionals. As social distancing mandates took effect in March 2020, employers found themselves in a massive remote work experiment,…

Zoom was a popular online conferencing application before COVID-19 infected the world, but the pandemic drove usage of the service to astronomical levels. Before the virus spread, the platform garnered about 10 million meeting participants a day. By March, that number was 200 million a day. “[W]e did not design the product with the foresight…