The U.S. Cybersecurity and Infrastructure Security Agency warns that hacking groups backed by the Chinese Ministry of State Security are exploiting several unpatched vulnerabilities to target federal agencies.
Independent bug hunters who find flaws in products and services often struggle to hand off their vulnerability report to someone in a position to get it fixed, says longtime security researcher Daniel Cuthbert. He describes steps organizations must take to be able to receive - and act on - bug reports.
The security firm Positive Technologies discovered six vulnerabilities in Palo Alto Networks' PAN-OS, the software that runs the company's next-generation firewalls. The firewall developer has issued patches.
In the three years since Equifax suffered a massive data breach, the consumer credit reporting firm says it has worked tirelessly to overhaul the security shortcomings that allowed the breach to happen. Equifax CISO Jamil Farshchi and other security experts weigh in on important lessons learned.
Ransomware continues to pose a "significant" threat, and email remains one of the top attack vectors being used by both criminals and nation-states, Australia's Cyber Security Center warns in its latest "Cyber Threat Report," which urges organizations to improve their defenses.
The U.S. Cybersecurity and Infrastructure Security Agency is ordering most executive branch agencies and departments to create vulnerability disclosure programs by March 2021. Some agencies, such as the Pentagon, already have robust programs in place.
Warning: Hackers are actively attempting to exploit two zero-day flaws in the IOS XR Cisco operating system that runs its carrier-grade routers. Cisco has described ways to partially mitigate the vulnerabilities while it preps patches.
He'd worked at NASA, Visa and Time Warner and stepped in at Home Depot after it was hacked in 2014. But nothing quite prepared Jamil Farshchi for the spotlight he'd face when he took over as CISO at Equifax after its massive 2017 data breach. He discusses how the Equifax security organization has rebounded.
A patching effort has been underway for six months to upgrade Thales wireless communication modules that are embedded in millions of IoT devices, including insulin pumps and smart meters. Left unpatched, a vulnerability in the modules could allow attackers to control devices, IBM warns.
Two critical, zero-day vulnerabilities affecting Internet Explorer and multiple versions of the Windows operating system are being exploited in the wild, Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency warn, urging prompt patching.
A security researcher says voting equipment in the U.S. is still riddled with security flaws that opportunistic foreign adversaries could use to pose a threat to the November election. Meanwhile, the director of CISA calls Russian ransomware attacks one of the biggest threats to the election.
Twitter rushed out a fix for a flaw in the Android version of its social media platform that could have allowed hackers to access user data, including within the direct message feature. The news comes as more details have emerged about a recent Twitter hacking incident.
Vulnerabilities in the Microsoft Windows print spooler, an aging but important component, will be discussed at the Black Hat security conference on Thursday. The vulnerabilities are rooted in patches that Microsoft created to fix issues exploited by Stuxnet, the malware that hampered Iran's nuclear program.
The FBI is warning organizations that are still using Microsoft Windows 7 they are in danger of attackers exploiting vulnerabilities in the unsupported operating system to gain network access. The agency points to an uptick in such attack attempts.
Adobe Flash Player, which has been patched hundreds of times during its lifetime to address vulnerabilities, will no longer be supported after Dec. 31, leaving an attack vector that can be exploited by malicious actors unless it's removed. That's why eliminating all instances of Flash Player is so urgent.