Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers, and it's issued mitigation guidance. Security firm Qihoo 360 says the zero-day flaw has been exploited by the DarkHotel APT gang.
A bipartisan group of U.S. senators has introduced legislation that would require the Department of Homeland Security to appoint cybersecurity leaders in each state to help combat growing cyberthreats against units of local government.
The FBI has created a new policy to give "timely" breach notifications to state and local officials concerning election hacking and foreign interference. The updated guidelines look to correct some of the mistakes in the run-up to the 2016 presidential election.
The Department of Health and Human Services is alerting healthcare organizations to the urgency of patching the Microsoft Windows 10 severe vulnerability revealed by the National Security Agency and dozens of other vulnerabilities disclosed by Microsoft. Why is patching so critical?
A day after the NSA disclosed a significant vulnerability that could affect the cryptographic operations in some versions of Windows, security researchers started releasing "proof of concept" code designed to show how attackers potentially could exploit the flaw. This highlights the urgency of patching.
Iranian-led disinformation campaigns and other cyberthreats against the U.S. are likely to surge in the aftermath of Iranian Major General Qasem Soleimani's death, security and political experts told a House committee Wednesday. That's why federal agencies need to shore up their defenses.
A federal judge in Atlanta has given final approval to a settlement that resolves a class action lawsuit against credit bureau Equifax, which in 2017 suffered one of the largest data breaches in history. The minimum cost to Equifax will be $1.38 billion.
Five years ago, cybersecurity executive Dave Merkel called upon enterprises to shed their "peacetime" mindsets and adopt a "wartime" stance against persistent cybercriminals and nation-state actors. How have they risen to that challenge?
The British government continues to delay deciding whether it will ban Chinese networking gear from its national 5G rollout, as the Trump administration demands. But with future trade deals on the line as the U.K. navigates its "Brexit" from the EU, Britain cannot afford to anger either Beijing or Washington.
In light of recent ransomware and other cyberattacks against vendors serving numerous healthcare organizations, it's critical to develop and deploy comprehensive vendor risk management programs, says John Farley of Arthur J. Gallagher & Co., a provider of cyber insurance.
Proof-of-concept code has been released to exploit a severe Citrix vulnerability present in tens of thousands of enterprises. Citrix says it's developing permanent patches but that enterprises should use its mitigation guidance. In the meantime, attackers are hunting for vulnerable machines.
Corporate network security breaches, which can prove costly to remediate and expose a company to lawsuits, are frequently the result of vulnerabilities that could have been fixed for a relatively low cost. A a brute force penetration test is a critical first step in finding those vulnerabilities.
The CEOs of the three largest voting machine manufacturers testified before a U.S. Congressional committee that they would be open to greater federal oversight of their equipment to help ensure the security of voting data in upcoming elections, including the 2020 presidential contest.
Is it possible that a nation-state actor such as Iran could create a cybersecurity incident that compromises the U.S. power grid? Bernie Cowens, most recently CISO at the nation's largest electric utility, says that's unlikely because the power grid is more cybersecure than you might think.
The security company Check Point has revealed several vulnerabilities in TikTok, the popular Chinese video app that has raised concerns lately from the U.S. military and lawmakers. The issues are fixed, and TikTok says it doesn't appear the issues were exploited for a breach.