Researchers at Eclypsium have revealed new details concerning a significant flaw in Intel's PMx driver, which they say could give attackers "near-omnipotent" control over devices. Intel has released an updated version of the driver, a key step in mitigating risks.
Now that security researchers have located the first exploits that take advantage of the BlueKeep vulnerability in Windows, Microsoft is warning users to apply patches the company issued for this flaw before more dangerous exploits merge.
Two new security incidents demonstrate how easily millions of customer records can be exposed. Researchers found an unsecured database containing records of customers of Adobe Creative Cloud. And Italy's UniCredit bank announced a "data incident" that exposed a file containing customer records.
Federal regulators are proposing a "safe harbor" that would permit hospitals to donate certain cybersecurity software and services to physicians. The move would modify the so-called Stark Law and federal anti-kickback regulations.
Healthcare organizations can take steps to start mitigating risks while awaiting vendor software patches to address URGENT/11 IPnet vulnerabilities in their medical devices, says researcher Ben Seri of security firm Armis, which identified the flaws.
The Food and Drug Administration has issued an alert warning healthcare organizations about 11 vulnerabilities dubbed "URGENT/11" involving IPnet, a third-party software component that may introduce risks for certain medical devices and hospital networks.
A security researcher has uncovered what may rank as one of the most significant iOS weaknesses ever discovered: a flaw that enables bypassing the security protections present in most Apple mobile devices. While the vulnerability can't be patched, an attacker would need physical access to exploit it.
The U.S. electric grid is growing increasingly vulnerable to cyberattacks from countries such as Russia, and a well carried out attack on the grid could cause widespread power outages, according to a new GAO audit. Industrial control systems are particularly vulnerable.
The crypotmining botnet Smominru, which has been around since at least 2017, has resurfaced with a new campaign that has infected 90,000 devices worldwide, including in the U.S., China and Russia, according to security analysts at Guardicore.
Earlier this year, intruders probed weaknesses in the network firewalls of a U.S. power utility to attempt a distributed denial-of-service attack, but there was no disruption in electricity service, according a recently released report. The incident illustrates potential weaknesses in the power grid.
A new weaponized proof-of-concept exploit for the BlueKeep vulnerability in Windows has been released by researchers at Rapid7 and Metasploit in an effort to help create a sense of urgency to patch the flaw.
Federal regulators have recently issued three advisories on cybersecurity vulnerabilities identified in medical devices. Some experts say the spotlighted flaws are issues commonly found in legacy medical devices as well as other IT products.