The FBI urged the immediate removal of previously hacked email security appliances made by Barracuda Networks, injecting fresh urgency into the push to stymie what's been called the broadest Chinese cyber spying campaign in years. Mandiant linked the hack to Beijing with "high confidence."
No sector took digital transformation as seriously as healthcare did. From remote work to multi-cloud environments to new digital healthcare experiences for patients, it's a brave new world - with new risks. Anahi Santiago of ChristianaCare discusses these risks and how to mitigate them.
Hackers moved faster than system administrators to exploit a zero-day vulnerability in Citrix NetScaler appliances by dropping web shells that remain active even after a patch, warn Dutch security researchers. Dutch firm Fox-IT says researchers "could not discern a pattern in the targeting."
Multiple vulnerabilities in data center power management systems and supply technologies enable threat actors to gain unauthorized access and perform remote code injection. The attackers can chain multiple vulnerabilities to gain full access to data center systems.
A recently identified security vulnerability in PaperCut print management software holds the potential for high-severity outcomes and could let unauthorized hackers run code remotely. The software is used in a wide array of environments, including large printer fleets supporting over 100,000 users.
The U.S. government is urging computer manufacturers to improve the security of firmware architecture that boots up devices after a powerful bootkit sparked concerns over permanent malware infections. Among its recommendations are that all UEFI developers implement dedicated PKI for updates.
A five-year-old flaw in Fortinet SSL VPNs remains one of the world's most widely exploited vulnerabilities. So warn cybersecurity officials across the U.S. and its Five Eyes partners in a joint security advisory highlighting the 12 most exploited flaws that require immediate patching.
Why are so many fresh zero-day vulnerabilities being exploited in the wild? Google reported that attackers often discover variants of previously exploited flaws, which suggests that vendors aren't doing enough to fix the root cause of flaws - or to avoid introducing fresh ones with their fixes.
A mobile security vendor patched a critically rated zero-day vulnerability in its endpoint management platform that had been used by unknown hackers to attack the Norwegian government. The flaw is rated 10 on the CVSS scale. Multiple governments use the platform - the Ivanti Endpoint Manager Mobile.
General cyber hygiene has gotten worse at small and midsized businesses, according to Simon Newman, CEO of the Cyber Resilience Center for London. "Businesses are less able to spot that they've been a victim than they perhaps have in previous years," he said.
SMBs must deal with heightened digital risk despite having less resources, personnel and intelligence than their larger counterparts, said Qualys CEO Sumedh Thakar. Firms rely on different teams and tools to discover assets, find misconfigurations and vulnerabilities, prioritize them and patch them.
Adobe released a fresh out-of-band security update to patch an improperly fixed ColdFusion zero-day vulnerability being actively exploited in the wild that allows attackers to bypass security controls. The update includes fixes for two other critical vulnerabilities.
Top U.S. and Australian cybersecurity agencies strongly urged users to patch a critical zero-day flaw in Citrix ADC and Gateway appliances being exploited by unnamed threat actors in the wild. The bug, which is tracked as CVE-2023-3519, gives unauthenticated attackers RCE privileges.
Product security is the other half of the security picture. While IT security focuses on an internal audience, product security teams must respond quickly to issues identified by customers and researchers. Quentyn Taylor of Canon EMEA discussed the value of product security programs.
Warning: Hackers are actively exploiting a flaw in Adobe's ColdFusion rapid web application development platform to execute malicious code. While Adobe attempted to patch the flaw, researchers say attackers appear to have found a way to bypass it by chaining together multiple flaws.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.