Siemens has released patches for certain automation products that have a critical memory protection vulnerability, which attackers could exploit to run arbitrary code to access memory areas, enabling them to read sensitive data and use it to launch further attacks.
The FBI will soon begin sharing hashes of compromised passwords found in the course of its cybercrime investigations with Have I Been Pwned, a data breach notification service. The data will contribute to Pwned Passwords, a service that alerts users to passwords that have been exposed in data breaches.
There's growing momentum around the use of software bills of materials, which allow for automated supply chain risk analysis. Patrick Dwyer of OWASP says that SBOMs and automation mean organizations can make better risk-based decisions on emerging security threats.
VMware is warning all vCenter Server administrators to patch their software to fix a serious vulnerability that could be used to execute arbitrary code as well as a separate authentication flaw. Experts warn that these and other recent flaws are likely to be targeted by ransomware gangs.
To unlock the value of quantum computing, two systemic risks - tech governance and cybersecurity - need to be overcome, says William Dixon of the World Economic Forum.
Researchers at Trend Micro say that about 50,000 IPs have been compromised across multiple Kubernetes clusters in a wormlike attack by the cloud-focused cryptojacking group TeamTNT.
You can see it in the latest high-profile attacks: Security requirements are ever more complex, exceeding the capacity of current protection capabilities. Enterprises need a new strategy for defending entry points, and Tom Sego of BlastWave believes he has it.
A new WastedLocker malware variant, dubbed WastedLoader, is exploiting two vulnerabilities in Internet Explorer to insert malicious advertisements into legitimate websites, the security firm Bitdefender reports.
Remote work, unsecured devices, susceptibility to influence - insider threat management has undergone its own transformation over the past year-plus. Rich Davis and Andrew Rose of Proofpoint offer insights into the latest risk trends, as well as technology solutions to aid the defenders' efforts.
A Belgian security researcher says he uncovered vulnerabilities that affect all modern Wi-Fi security protocols and most wirelessly connected devices, including smartphones, routers and IoT devices. Many tech companies have fixed the flaws to avoid leaks of user data.
Microsoft issued patches Tuesday for four more vulnerabilities in on-premises versions of the Exchange Server corporate email platform, one of which is a zero-day flaw.
"It's not personal ... It's strictly business." That line from "The Godfather" encapsulates the mindset of criminals who extort businesses using ransomware and other tools: Their imperative is profits, no matter any disruption they might cause to critical services, such as those provided by Colonial Pipeline.
The Fermilab physics laboratory in the U.S. has tidied up its systems after security researchers found weaknesses exposing documents, proprietary applications, personal information, project details and credentials.
Intel and AMD are disputing the findings of researchers from two universities who say they've discovered new attacks on Intel and AMD processors that can bypass most of the defenses put in place earlier for similar "Spectre" and "Meltdown" attacks.