Detectify now has a built-in detection for vBulletin RCE CVE-2019-16759, thanks to a report from our Crowdsource community. Last week, a proof-of-concept exploit for a Remote Code Execution (RCE) vulnerability for vBulletin forum software CVE 2019-16759 was disclosed publicly. The vulnerability was exploited in the wild and actively being exploited by malicious attackers.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. A serious breach from a popular game was announced earlier in the week. Considering the prevalence of linking many such games with Facebook and other social media platforms, such an exposure gives a great ‘way in’. If you’ve not done it already, go check what access you’ve granted to your data.

New research has found that cyber attacks on UK businesses increased by 243% over the summer, compared to the same time period in 2018. Hastings-based business ISP, Beaming, found that UK firms experienced 157,528 cyber-attacks each on average between July and September, up from just 45,970 during that same time last year. The company detected over 500,000 unique IP addresses used during the cyber attacks and found that the number originating from China more than doubled since last year.

Network security is the process of using physical and software security solutions to protect the underlying network infrastructure from unauthorized access, misuse, malfunction, modification, destruction or improper disclosure, creating a secure platform for computers, users and programs to perform their functions in a secure environment.

You might have noticed this incident: Users of some online service providers lose their accounts en masse yet the companies assert that there haven’t been any intruders on their systems. It may sound unlikely, but in most cases they have a valid point. With the new hacking technique called credential stuffing, it is possible. Read our article to learn more.

Finding a zero-day (0-day) is probably one of the best feelings in the world for a hacker, and sometimes we receive these submissions through Detectify Crowdsource, our bug bounty platform. This article will explain how Detectify handles 0-days with transparency to responsibly work with vendors, researchers and customers with the disclosure.

Karim Rahal, Detectify Crowdsource hacker, is a 17-year-old web-hacker who has been hacking for the greater part of his teenager years. At age 13, he started to responsibly disclose vulnerabilities—and he even blogged about one he found in Spotify! Karim still makes time for bug bounty programs, despite school. We asked Karim to tell us why Firefox is the best choice from a white hat hacker’s point-of-view.

The U.S. Food and Drug Administration (FDA) issued a formal warning on Tuesday on vulnerabilities detected in decades-old software used in many of today's medical devices and hospital networks. The warning claims that 11 vulnerabilities exist in IPnet, a third-party software component that supports network communications across computers.

Malware, or malicious software, is any program or file that harms a computer or its user. Common types of malware include computer viruses, ransomware, worms, trojan horses and spyware. These malicious programs can steal, encrypt or delete sensitive data, alter or hijack key computing functions and to monitor the victim's computer activity.

As ransomware attacks continue to cripple networks, most recently forcing medical centres to shut down their systems and turn away patients, the FBI has issued some unambiguous advice for organisations on how they should handle ransom demands: Don’t pay.