The Defense Department will expand its vulnerability disclosure program in the coming months, inviting ethical hackers to find flaws in a wider array of systems and applications - including IoT and industrial control systems - within the Pentagon's public-facing networks.
Exim, one of the most-used message transfer agents, has issued patches for 21 flaws that could put thousands of users at risk of attacks, researchers at security firm Qualys say.
With all the talk of sophisticated adversaries and evolving threats to users and devices – what about threats to building management systems? Jeremy Morgan of Industrial Defender discusses this threat landscape and the role of automated tools to defend it.
Can courts trust evidence collected by Cellebrite's mobile device forensic tools? Matt Bergin of KoreLogic has found new vulnerabilities in Cellebrite's software that he will present on Friday at Black Hat Asia. He says that forensics software should be put through rigorous penetration tests.
A cyberthreat gang that's been active since 2020 exploited a now-patched zero-day vulnerability in the SonicWall SMA 100 Series appliance to plant ransomware in attacks launched earlier this year, FireEye Mandiant researchers say.
Following news reports of ransomware attackers targeting QNAP Systems' network-attached storage appliances, encrypting users' data and then demanding a ransom, the company is urging users to immediately install a malware remover and run a malware scan.
Attackers targeting the healthcare sector are frequently exploiting unprotected internet-facing databases and unsecured network devices, including "shadow IT," says David Sygula, a senior analyst at the security firm CybelAngel.
The FIDO Alliance, an association that has developed voluntary authentication standards with a goal of minimizing the use of passwords, has launched an onboarding protocol for IoT devices that's designed to enhance security.
The economics of vulnerability discoveries and exploits is always evolving, and knowing those dynamics can provide insights into what attackers are doing, says Casey Ellis of Bugcrowd.
SonicWall has patched three zero-day vulnerabilities in the hosted and on-premises versions of its Email Security product after attackers began exploiting them last month. Attackers can exploit the flaws to access email and pivot deeper into organizations' systems, FireEye Mandiant reports.
The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that federal agencies and other entities have been compromised by two attack groups, with one possibly acting on behalf of the Chinese government. The groups are exploiting vulnerabilities in Ivanti's Pulse Connect Secure.
A proposed privacy framework from the eHealth Initiative & Foundation and the Center for Democracy and Technology aims to set standards for the collection, disclosure and use of health data that falls outside the protection of HIPAA, says attorney Andrew Crawford of CDT.
In an unprecedented action, the FBI is removing web shells from on-premises Microsoft Exchange servers at organizations in at least eight states that were infected in a wave of attacks earlier this year. Security experts offer an analysis of the bold move that the FBI took without notifying the organizations.
Hospital CISOs need to make board members more aware of why cybersecurity should be an essential element of enterprise IT governance - especially as the use of internet-connected medical devices continues to grow, says Alain de Maght, CISO of a group of public hospitals in Brussels, Belgium.
Microsoft issued patches for its on-premises Exchange Server software, addressing four new critical vulnerabilities discovered by the National Security Agency. A zero-day vulnerability in Desktop Window Manager was also disclosed and patched.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.