For too many organisations, software vulnerability management is just about "patch Tuesday." Vulnerability management has evolved significantly in the past few years. Organisations need to adopt a new strategy focusing on visibility, prioritised response, and mitigation.
When you look back at the wave of...
Many of the computer devices to be used for electronic voting in November's midterm elections have unpatched older operating systems that make them vulnerable, says Darien Kindlund, a data scientist at the cybersecurity firm Insight Engines, which advises governments and others.
Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.
Attack code known as EternalBlue, designed to exploit a Windows SMB flaw, continues to work for attackers despite Microsoft having issued patches more than a year ago. One major U.S. business was a recent victim as part of a cryptocurrency-mining malware campaign, a researcher reports.
Intel has had a challenging time lately on the vulnerability front. It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. The problem was a repeat of one that Intel patched just last year.
A newly released report from the U.S. Government Accountability Office on the massive 2017 Equifax data breach provides a postmortem look at what went wrong, centering on the credit bureau's identification, detection, segmentation and data governance, as well as a failure to rate-limit database requests.
Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risk. Vulnerabilities in components are a hidden cost of free software. And their widespread use creates opportunities for attackers looking to exploit the most possible victims by...
Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risk. Vulnerabilities in components are a hidden cost of free software. And their widespread use creates opportunities for attackers looking to exploit the most possible victims by...
U.S. prosecutors have accused a 34-year-old North Korean man of involvement in some of the most destructive and profitable cyberattacks ever seen, including the WannaCry ransomware outbreak, the Sony Pictures Entertainment breach and the theft of $81 million from Bangladesh Bank.
Unknown attackers are intercepting every piece of data handled by more than 7,500 routers made by MikroTik, while also using another 239,000 compromised routers to serve as proxies, researchers say. It's a continuation of a wave of attacks that exploit a vulnerability patched by MikroTik in April.
Identifying the right controls to manage specific risks is a vital component of an enterprisewide security program, says Gregory Wilshusen of the U.S. Government Accountability Office.
Microsoft appears set to patch a zero-day local privilege escalation vulnerability after a researcher published proof-of-concept exploit code for the flaw. That's a relatively rare turn of events these days, owing to Microsoft's bug bounty program rules.
Apache has released an emergency fix for its Struts web application framework to patch a flaw that attackers can exploit to take full control of the application. Some incident response experts, based on the severity of breaches they've investigated, recommend dropping Struts altogether.
Nearly two dozen security weaknesses in OpenEMR - open source electronic medical record and practice management software - left patient data vulnerable to cyberattacks before most were patched, according to the London-based security research firm Project Insecurity.
A WannaCry outbreak has hit unpatched Windows 7 systems at Taiwan Semiconductor Manufacturing Co., crippling its factories. The world's largest chipmaker, which traced the infection to a new software tool that it failed to scan for malware before installation, says the outbreak could cost it $170 million.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
