A massive wave of ongoing attacks has been targeting more than 1.6 million WordPress sites, researchers at Wordfence say. So far, they've counted more than 13.7 million individual attacks in just 36 hours, focused on exploiting four different WordPress plug-ins and several Epsilon framework themes.
Researchers have developed and released an urgent "vaccine" for a zero-day vulnerability detected in the Java logging library Apache Log4j on Friday. It is reported that the vulnerability is being exploited by advanced persistent threat-level actors.
How serious is the Apache Log4j zero-day vulnerability that was announced to the world on Friday? "It's big," says Sam Curry, chief security officer at Cybereason, which has developed a "vaccine" to help. "I hate hyperbole generally," Curry says. "But it is a 10 on the criticality scale."
A report analyzing the Conti ransomware attack on Ireland's Health Services Executive in May provides insights into factors that played into the attack's impact and offers a list of recommendations on how HSE, as well as other organizations, can be better prepared for such incidents.
A new ongoing malware campaign is currently being distributed in the wild targeting TP-link wireless routers, leveraging a post-authenticated remote command execution, or RCE, vulnerability, according to FortiGuard Labs researchers.
A zero-day vulnerability detected in the Java logging library Apache Log4j can result in full server takeover and leaves countless applications vulnerable, according to security researchers, who say that the easily exploitable flaw was first detected in the popular game Minecraft.
A Nov. 16 ransomware attack on Frontier Software leaked "significant personal information" of thousands of South Australian government employees on the dark web, according to a Friday statement by Rob Lucas, treasurer of South Australia.
The U.K. High Court has upheld the U.S. government's request to extradite WikiLeaks founder Julian Assange, after receiving assurances about the conditions in which the 50-year-old would be held. Assange reportedly plans to appeal the ruling.
SonicWall is urging users of its Secure Mobile Access 100 series gateways and remote access products to immediately apply patches, as a majority of the devices are affected by eight critical- to medium-severity vulnerabilities even after enabling their web application firewall.
Hellman Worldwide Logistics, one of the world's biggest logistics and shipping firms, is warning that its operations remain disrupted following an online attack of unspecified nature. The attack comes amid a busy season for e-commerce and shipping, with supply lines already stretched thin, experts say.
The latest edition of the ISMG Security Report features an analysis of how the U.S. military has been "imposing costs" on ransomware groups. Also featured: a twist in the case of the Missouri governor vs. an alleged "hacker," and CyberTheory's Steve King on "why Zero Trust?"
Ifigeneia Lella, cybersecurity officer at ENISA describes findings from the agency's Threat Landscape 2021 report, which assesses the motives, capabilities, targeting and evolution of four different types of threat actors: state-sponsored, cybercrime actors, hacker-for-hire actors and hacktivists.
Since Emotet malware returned last month, it's been dropping the Cobalt Strike penetration-testing tool directly onto infected endpoints shortly after infection, researchers say. The move could be a bid to more rapidly identify high-value systems for targeting with ransomware, some experts warn.
Cybersecurity experts worry about attacks and ransomware directed at the 70,000 water and wastewater facilities in the U.S. In November 2020, the Hampton Roads Sanitation District was infected with Ryuk ransomware. Fortunately, its operational technology systems were unaffected, and it recovered.
With the support of the recent executive order on improving the nation's cybersecurity, Zero Trust strategy is gaining greater recognition. But there is still a degree of resistance to Zero Trust adoption. Dr, Chase Cunningham, CSO of Ericom, discusses this and other issues around Zero Trust.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.