Oracle JavaVM Database Takeover

A new vulnerability discovered in the Oracle Database JavaVM component can result in complete database compromise and shell access to the underlying server. Background: Oracle released an out-of-band update to its flagship database product for an authenticated vulnerability in the JavaVM component. According to Oracle, the vulnerability "can result in complete compromise of the Oracle Database … [Read more...]

Financial Sector Battered by Rising Compliance Costs

Finance is already an outlier in terms of IT costs. The industry devotes 10.5% of total revenue to IT—and on average, each financial industry IT staffer supports only 15.7 users, the fewest of any industry. All over the world, financial services companies are facing skyrocketing compliance costs. Almost half the respondents to a recent Accenture survey of compliance officers in 13 countries … [Read more...]

DEF CON 26 Highlights US Electronic Voting Machines Security Flaws

DEF CON 26 is over, but more questions than answers remain. After all we've seen, are electronic voting machines really the best and safest way to cast our votes? … [Read more...]

Black Hat USA 2018: ransomware is still the star

The Malwarebytes team was at the annual Black Hat USA event held in Las Vegas at the Mandalay Bay Hotel from August 4–9. Large crowds walked through the expo floor, attended talks, and participated in trainings. Among the many topics discussed, ransomware came up as one of the main issues that both consumers and businesses face. While it has been slowing down from previous years, ransomware … [Read more...]

August 2018 – Microsoft Patch Tuesday

Here we go again. It’s August 14, and after last month’s buggy patches – with numerous known issues, particularly regarding .NET, Windows 7 and 8.1 – it’s not surprising that many IT pros are feeling at least a little wary about what might be in store this time. There were enough problems that Woody Leonhard […] … [Read more...]

Under the hoodie: why money, power, and ego drive hackers to cybercrime

Just one more hour behind the hot grill flipping burgers, and Derek* could call it a day. Under his musty hat, his hair was matted down with sweat, and his work uniform was spattered with grease. He knew he’d smell the processed meat and smoke for the next three days, even after he’d showered. But it was money, he supposed. “Derek!” His manager slapped him on the shoulder. “A little bird told me … [Read more...]

Intrusion Detection Systems (IDS) vs Intrusion Prevention Systems (IPS): What’s What?

An Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) have very similar acronyms by which they are commonly known, yet they perform very different tasks within the network security process. So what exactly do they do, how do they do it, and does your organization need either, neither, or both as part of your overall security posture? Intrusion Detection System 101 … [Read more...]

Summer offers to kick-start your cyber security journey. Don’t miss out! 

IT Governance is a leading global provider of IT governance, risk management and compliance solutions, with a special focus on cyber resilience, data protection, the PCI DSS (Payment Card Industry Data Security Standard), ISO 27001 and cyber security. We are committed to helping organisations protect themselves and their customers from the perpetually evolving range of cyber threats. Our deep … [Read more...]

Tenable Research Reveals Critical Need to Secure Public Utilities against Cyberattack

[Read more...]

Foreshadow: Speculative Execution Attack Targets Intel SGX

A flaw in Intel’s Software Guard Extensions implementation allows an attacker to access data stored in memory of other applications running on the same host, without the need for privilege escalation. Background: Researchers discovered a flaw in Intel’s Software Guard Extensions (SGX) implementation that opens up a new speculative execution attack called Foreshadow (CVE-2018-3615). In addition, … [Read more...]