Today’s global ransomware attack is spreading via EternalBlue and through local networks using PSEXEC and WMIC.

Google Project Zero’s Tavis Ormandy found another remote code execution vulnerability in the Microsoft Malware Protection Engine, the third since early May.

Fighting attackers needs a new approach that leverages a public-private data sharing framework, enabling immediate and collective responses.

Mike Mimoso and Chris Brook discuss the news of the week, including Citizen Lab’s latest report, WannaCry hitting Honda, GhostHook, and Fireball.

Siemens patched two vulnerabilities in products, SIMATIC CP and XHQ, commonly found in industrial control system setups this week

Researchers at CyberArk have developed a bypass for Windows PatchGuard that leverages Intel’s Processor Trace (Intel PT) technology to execute code at the kernel.

Developers with Drupal patched three vulnerabilities, one critical, one being exploited in the wild, in Drupal’s core engine on Wednesday.

The good news is the cost of a data breach is down double-digits, the bad news the size and scope of breaches is creeping up.

Cisco patched three vulnerabilities in three products this week that if exploited, could have resulted in a denial of service, crash and in some instances, arbitrary and remote code execution.

Avaya released a patch last week for a remote code execution vulnerability in its Avaya Aura Application Enablement Services software.