Maintainers of the widely used open-source command-line tool cURL and libcurl library that supports key network protocols said two upcoming vulnerabilities are set to be disclosed this week. One flaw is probably "the worst curl security flaw in a long time," said curl founder Daniel Stenberg.
Hackers have weaponized a zero-day in a popular workspace collaboration tool to create administrator accounts and gain unrestricted access to their on-premises instances of the software, Atlassian's Confluence Data Center and Server products, which serves millions of daily active users.
Large enterprises, including government and educational organizations, are being warned to immediately update their WS_FTP Server, built by Progress Software, to fix serious flaws being actively exploited by attackers. Secure file transfer software remains a top target, especially for extortionists.
The Clop ransomware group's zero-day attack on MOVEit software was its fourth data theft campaign targeting secure file transfer users. Organizations can combat such attacks by using data minimization and encryption - among other defenses, says Teresa Walsh, global head of intelligence for FS-ISAC.
A federal judge has given the green light for attorneys to proceed with a consolidated class action lawsuit against Meta that accuses the social media giant of intercepting sensitive health information with its Pixel tracking tools used in numerous healthcare websites and patient portals.
Multiple hackers are minting newer capabilities from an open-source information stealer to spawn new variants. The malware steals sensitive information such as corporate credentials, which are resold to other threat actors for attacks, including operations related to espionage or ransomware.
Medical device maker Medtronic MiniMed violated patient privacy by using tracking and authentication technologies such as Google Analytics and Firebase in its InPen diabetes management app and services, according to a proposed federal class action lawsuit filed this week.
Chinese espionage hackers behind an eight-month campaign to hack Barracuda email security appliances intensified their focus on high-priority targets around the time the company moved to fix the zero-day flaw behind the campaign. A custom backdoor suggests China was prepared for remediation efforts.
Third-party targeting by attackers has intensified due to the interconnectedness of the business world, enabling adversaries to exploit intermediaries for access. With the surge in cloud adoption, visibility in the cloud is paramount, advised Levi Gundert, chief security officer at Recorded Future.
Organizations engaged in software production often run their applications and services within cloud environments. CEO Ganesh Pai advocates the "shift-up" approach for enhanced cloud security, which focuses on operational visibility extending from software composition to production workloads.
This year's massive exploitation of managed file transfer products such as Fortra's GoAnywhere and Progress Software's MOVEit proves that MFTs are a hacker's paradise. Research by John Dwyer of IBM Security X-Force shows why and also reveals a path toward protecting MFTs in the future.
While consolidating third-party risks into one document is important, it is equally vital to introduce artificial intelligence into various elements of your third-party risk management program, said Jonathan Pineda, CISO and DPO at the Government Service Insurance System in the Philippines.
The federal agency that enforces HIPAA is heavily focused on investigations of potential violations involving online tracking tools in healthcare websites that impermissibly transmit sensitive patient information to third parties, said Susan Rhodes of the Department of Health and Human Services.
Recently acquired RiskLens edged out startup Axio and incumbent ThreatConnect for the top spot in Forrester's first-ever cyber risk quantification rankings. Cyber risk quantification focused on theoretical methodology for about 10 years but shifted to practical applications over the past five years.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.