Multiple flaws - all serious, exploitable and some already being actively exploited - came to light last week. Big names - including Cisco, Facebook, Intel and Microsoft - build the software and hardware at risk. And fixes for some of the flaws are not yet available. Is this cybersecurity's new normal?
The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices.
Two years after WannaCry tore a path of destruction through the world, the ransomware remains a danger, with many systems still vulnerable to the EternalBlue or EternalRomance exploits that started it all.
The majority of aircraft accidents occur during landing. And during bad weather or low-visibility, pilots are trained to entirely trust their instruments. But researchers say they can spoof wireless signals to a critical landing system, which could cause planes to miss runways.
The latest edition of the ISMG Security Report digs into the WhatsApp flaw that paved the way for spyware installation. Also: Microsoft patches old operating systems and a 'virtual CISO' sizes up security challenges.
Healthcare organizations need to take bold steps to help ensure that their cloud services providers are effectively protecting patient data. That's the advice of John Houston, CISO of UPMC, and Ira "Gus" Hunt, a security specialist at the consultancy Accenture Federal Services.
U.S. President Donald Trump on Wednesday signed a long-expected executive order that bans the purchase of telecommunication equipment from nations deemed to pose a spying risk. Also, Huawei was banned by the Commerce Department from buying U.S. components without obtaining a license first.
European privacy authorities have received nearly 65,000 data breach notifications since the EU's General Data Protection Regulation went into full effect in May 2018. Privacy regulators have also imposed at least $63 million in GDPR fines.
Newly discovered microarchitectural data sampling flaws in Intel processors - collectively dubbed "ZombieLoad" - could be exploited to steal private data from PCs and servers, including shared cloud environments. Intel, Microsoft, Apple and others have begun to ship patches designed to help mitigate the problems.
Microsoft has taken the extraordinary step of issuing patches for its old XP, Windows 2003, Windows 7 and Windows Server 2008 operating systems. The problem is an easy-to-exploit Remote Desktop Services vulnerability that could be turned into a worm.
Fast Retailing, the parent company of several of Japan's biggest retail clothing chains, is warning customers of an attack that exposed email addresses and partial credit card information of more than 460,000 of the company's customers. The attackers apparently used credential stuffing techniques.
What's it like for a small, not-for-profit healthcare entity to deal with the consequences of a ransomware attack? The president of a substance abuse treatment center shares his first-hand experience - and lessons learned.
Facebook is warning users of its WhatsApp messaging app to update immediately to fix a flaw that is being used to remotely install Pegasus surveillance software from Israel's NSO Group. WhatsApp says a "select number" of targets were hit by the attacks, which it has blamed on "an advanced cyber actor."
Researchers report finding a vexing vulnerability in Cisco routers that could invisibly undermine device integrity and allow attackers to take full control of a router, if combined with a second exploit. Unfortunately, hardware design flaws could complicate Cisco's efforts to safeguard users.
Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.