Software vulnerabilities are part of our lives in a digitalized world. If anything is certain, it’s that we will continue to see vulnerabilities in software code! Recently the CVE-2020-0601 vulnerability, also known as CurveBall or “Windows CryptoAPI Spoofing Vulnerability”, was discovered, reported by the NSA and made headlines. The NSA even shared a Cybersecurity Advisory on the topic. Anthony previously talked about it from a public sector and Vulnerability Scanner angle.

In December 2019, Citrix announced that their flagship product, Citrix Application Delivery Controller (ADC) and Gateway, had a vulnerability that would allow code execution to take place on affected devices without any authentication. This vulnerability (designated CVE-2019-19781) was severe - on a scale of 1 to 10 it was deemed a 9.8 meaning that an attacker able to exploit this vulnerability could do serious damage.

Research by Cybersecurity Ventures projects a doubling of the global cost of cybercrime in the 2015-2021 period from $3 trillion to $6 trillion. The escalation of cybercrime is closely related to the rapid expansion of the cyber attack surface. For instance, the total number of Internet users doubled between 2015 and 2018 from 2 billion to 4 billion, and is expected to hit 6 billion by 2022.

The NIS Directive is the first EU horizontal legislation addressing cybersecurity challenges and a true game-changer for cybersecurity resilience and cooperation in Europe. The Directive has three main objectives. The NIS Directive is the cornerstone of the EU’s response to the growing cyber threats and challenges which are accompanying the digitalization of our economic and societal life.

Many years ago when I first started my career in network security as a support engineer, I received a phone call from a customer. (Let’s call him “Frank.”) He used our vulnerability scanner as a consultant for his own customers, and he was concerned that the scanner came back with 0 results. After reviewing his set-up, I easily discovered the answer.

In today’s world, we enjoy incredible mobility that our ancestors could only dream of. In a matter of hours or, at most, days, we can go from one continent to another. At the same time, our lives depend on the security of all sorts of our private data: from our credit card information to our browsing habits. But if at our homes we can be sure that we have taken sufficient security measures and protected our systems, things get muddier when we travel.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Cast your mind back to the Ashley Madison breach and the black-mailing of members revealed in that breach. I don’t recall another like it until recently. This time though, with how common ransomware has become, are we going to see more victims approached as well as the source of the data breach?

Data visualization techniques provide organizations with strong allies in their fight against cyber threats. In this article, we took a closer look at the importance and techniques of cyber data visualization. Cybersecurity has been gaining more and more importance due to the increasing number of cyber attacks and hackers threatening organizations of every size. As a result, new methods and approaches regarding cybersecurity are being discussed.

Last updated: 20th January, 9.45am. A critical Citrix vulnerability (CVE-2019-19781) is currently under mass exploitation. To detect if your organisation is compromised, Redscan has developed a script that will examine your host.

Data destruction is an aggressive attack technique observed in several nation-state campaigns. This technique under MITRE ATT&CK 1485, describes actions of adversaries that may “..destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives”.