Earlier this month, McAfee Enterprise's Advanced Threat Research team, working with McAfee's Professional Services IR team, reported that an APT campaign dubbed Operation Harvest had been in operation for years. Their analysis provides insight into the group's tools, tactics and techniques.
The Mirai botnet is actively exploiting the known vulnerability CVE-2021-38647, which is part of a quarter of vulnerabilities dubbed OMIGOD, in Microsoft's Azure Linux Open Management Infrastructure framework, according to Kevin Beaumont, head of the security operations center for Arcadia Group.
CISA, the FBI and the U.S. Coast Guard Cyber Command warn users of Zoho Corp.'s single sign-on and password management tool to patch for a vulnerability that nation-state groups may look to exploit. Attackers could use the bug to compromise credentials and exfiltrate data from Active Directory.
The Republican Governors Association was one of several U.S. organizations targeted in March when a nation-state group took advantage of vulnerabilities in Microsoft Exchange email servers, according to a breach notification letter filed with Maine authorities. It appears some PII was exposed.
Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.
Travis CI, a Berlin-based continuous integration testing vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, potentially putting thousands of organizations at risk. Those using Travis CI should change their secrets immediately.
Achieving Velocity Requires a Modernized Approach to Application Security
Digital transformation initiatives are forcing development teams to make tough decisions between meeting time-to-market needs and mitigating risk. Exacerbating the issue is that developers often lack the knowledge to mitigate the risks...
Electronic equipment is increasingly being used in safety critical environments, and the software used in these products is becoming more and more complex. Exhaustive testing to ensure that there is no situation in which a failure could occur is rarely possible and, therefore, systems must be designed in such a way to...
Microsoft's September Patch Tuesday security update covers 61 vulnerabilities, with four rated critical. These include a fix for the critical MSHTML Vulnerability Microsoft revealed last week and patches to a Windows scripting engine flaw and a Windows DNS flaw.
An unsecured database belonging to an apparently recently defunct firm exposed 61 million records of wearable health and fitness device users on the internet, say the security researchers who discovered the non-password-protected database in cooperation with the WebsitePlanet research team.
A recently patched flaw in a mobile app allowing N.Y. residents to acquire and store a COVID-19 vaccine credential did not validate user input properly and stored forged verifications, according to security researchers. Experts say similar flaws could have dire consequences.
The top three tactics attackers have been using to break into corporate and government networks are brute-forcing passwords, exploiting unpatched vulnerabilities, and social engineering via malicious emails, says security firm Kaspersky in a roundup of its 2020 incident response investigations.
Merger and acquisition activity picked up in September with BitSight, Tenable and Mastercard, all making deals. Moody's became BitSight's largest shareholder after making a $250 million investment in the company.
Apple patched a software vulnerability on Monday that researchers say was used to deliver spyware via its iMessage platform to the mobile phones of activists. But a few changes to iMessage could make it safer overall for individuals at high risk of surveillance, says an Apple security expert.
A bipartisan group of lawmakers wants to better insulate the director of CISA from political pressure by giving the role a defined five-year term that could keep the agency's leader in place even when presidential administrations change. Currently, the position of CISA director lacks a set term.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
