The Republican Governors Association was one of several U.S. organizations targeted in March when a nation-state group took advantage of vulnerabilities in Microsoft Exchange email servers, according to a breach notification letter filed with Maine authorities. It appears some PII was exposed.
Microsoft's September Patch Tuesday security update covers 61 vulnerabilities, with four rated critical. These include a fix for the critical MSHTML Vulnerability Microsoft revealed last week and patches to a Windows scripting engine flaw and a Windows DNS flaw.
An unsecured database belonging to an apparently recently defunct firm exposed 61 million records of wearable health and fitness device users on the internet, say the security researchers who discovered the non-password-protected database in cooperation with the WebsitePlanet research team.
It’s the largest attack surface in history, and adversaries are taking advantage by launching attacks at an unprecedented volume and velocity. Shashi Prakash of Bolster discusses how to monitor and manage this new and shifting range.
Google has identified three critical vulnerabilities affecting several Netgear smart switch products that, if exploited, give the attacker complete control over the compromised device. Netgear has issued a security advisory confirming that it has issued patches for 20 impacted products.
Several security vulnerabilities in infusion pump products from B. Braun could collectively allow malicious actors to modify the dose of medicines delivered to patients, says Douglas McKee, a security researcher on a McAfee Enterprise team that recently discovered the flaws.
SEC Consult reportedly found multiple vulnerabilities in Moxa devices used in critical infrastructures including railways, manufacturing, cellular and heavy industries. Moxa has confirmed patching 60 vulnerabilities in its latest firmware update and issued mitigation advice for discontinued devices.
Cyber Command and the U.S. Cybersecurity and Infrastructure Security Agency issued alerts Friday warning those using Atlassian's Confluence and Data Center products that attackers are actively exploiting the critical remote code execution vulnerability CVE-2021-26084.
Federal authorities have issued an updated advisory about security vulnerabilities in certain patient monitoring devices manufactured by Philips, which, if exploited, could result in unauthorized access to patient data and interruptions in monitoring.
Several companies that use the OpenSSL cryptography library toolkit are reportedly scrambling and releasing security advisories to their users following patching of two vulnerabilities that were first fixed and disclosed to users on Aug. 24.
Business email compromise attacks, which balance low-tech tactics with the potential for big profits, remain popular. Attackers continue to refine their tactics, including subverting legitimate redirect services as well as recruiting English-speaking business partners and cryptocurrency tumbler operators.
Four months after Microsoft released the first security update for flaws in several versions of its on-premises Exchange Server software, the company has issued its first official guidance on the three actively exploited ProxyShell vulnerabilities.
In the first half of 2021, Fortinet's FortiGuard Labs detected a 10-fold increase in weekly ransomware activity as compared to 2020. This is just one of the trends detailed in the Global Threat Report for the first half of 2021. Derek Manky of FortiGuard Labs analyzes the trends and takeaways.