Researchers at Palo Alto Networks' Unit 42 say they have demonstrated how exploits of Microsoft Jet Database Engine vulnerabilities could lead to remote attacks on Microsoft Internet Information Services and Microsoft SQL Server to gain system privileges. Microsoft recently patched the flaws.
The Russian-linked group that targeted SolarWinds using a supply chain attack compromised at least one email account at 27 U.S. attorneys' offices in 15 states and Washington, D.C., throughout 2020, according to an update posted by the Justice Department.
Virtual visits transformed the healthcare industry, making care accessible to remote patients online. This change, while beneficial, also meant that millions of healthcare workers and patients began to exchange sensitive healthcare issues over unvetted cloud apps that weren’t built to secure health...
Researchers discovered an unauthenticated operating system command injection vulnerability in the Sunhillo SureLine surveillance application that allows an attacker to execute arbitrary commands with root privileges. The flaw has since been patched.
This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.
As much as public cloud use is growing, both in total volume and in diversification of services, it is not a one-way trend. To meet evolving business needs, organizations are moving applications and workloads back and forth between cloud and on-premises environments.
A patch is forthcoming for a privilege escalation vulnerability in the Windows operating system that can allow hackers to gain a foothold. Meanwhile, Linux OS users also need to adopt system upgrades to fix a flaw, and Oracle and Juniper have announced product patches.
The older vision of vulnerability management of addressing vulnerabilities in silos is too inefficient and expensive for today’s enterprise. IT and security groups of today must monitor a much larger attack surface. Infrastructures and applications can change on a daily, even hourly basis. As cybercriminals are...
Verizon’s 2019 Data Breach Investigations Report found that technology sector is particularly susceptible to both internal (56%) and external (44%) threats; with financial motives (67%) and industrial espionage (29%) being the major drivers. The technology industry is also particularly vulnerable to DDoS attacks....
Researchers at Cognyte have identified the six common vulnerabilities and exposures - or CVEs - that were most frequently discussed by apparent cyberattackers on dark web forums between Jan. 1, 2020 and March 1, 2021. Five of these CVEs were for Microsoft products.
A new exposé tracking how spyware has been used to target journalists and human rights advocates suggests attackers have been exploiting zero-day flaws in Apple applications and devices. Apple says the flaws, while serious, likely pose no risk to the vast majority of its users.
Newly uncovered malware dubbed "BioPass" is targeting clients of Chinese online gambling companies, Trend Micro says. The malware exploits popular livestreaming and video recording app Open Broadcaster Software Studio.