U.S. prosecutors have accused a 34-year-old North Korean man of involvement in some of the most destructive and profitable cyberattacks ever seen, including the WannaCry ransomware outbreak, the Sony Pictures Entertainment breach and the theft of $81 million from Bangladesh Bank.
Unknown attackers are intercepting every piece of data handled by more than 7,500 routers made by MikroTik, while also using another 239,000 compromised routers to serve as proxies, researchers say. It's a continuation of a wave of attacks that exploit a vulnerability patched by MikroTik in April.
Identifying the right controls to manage specific risks is a vital component of an enterprisewide security program, says Gregory Wilshusen of the U.S. Government Accountability Office.
Microsoft appears set to patch a zero-day local privilege escalation vulnerability after a researcher published proof-of-concept exploit code for the flaw. That's a relatively rare turn of events these days, owing to Microsoft's bug bounty program rules.
Apache has released an emergency fix for its Struts web application framework to patch a flaw that attackers can exploit to take full control of the application. Some incident response experts, based on the severity of breaches they've investigated, recommend dropping Struts altogether.
Nearly two dozen security weaknesses in OpenEMR - open source electronic medical record and practice management software - left patient data vulnerable to cyberattacks before most were patched, according to the London-based security research firm Project Insecurity.
A WannaCry outbreak has hit unpatched Windows 7 systems at Taiwan Semiconductor Manufacturing Co., crippling its factories. The world's largest chipmaker, which traced the infection to a new software tool that it failed to scan for malware before installation, says the outbreak could cost it $170 million.
One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.
The fundamentals of governance, risk and compliance are sorely lacking in too many organizations that are striving to improve cybersecurity, says Malcolm Palmore, an assistant special agent at the FBI.
Federal regulators are reminding organizations about the importance of identifying and patching software vulnerabilities. But why are these seemingly basic security steps so challenging for so many?
Patch management problem: Organizations must identify and fix all new vulnerabilities in their software and hardware as quickly as possible. Unfortunately, on average, attackers keep exploiting flaws faster than they're being patched, says Tenable's Gavin Millard.
Researchers have discovered two new Spectre/Meltdown variants: variant 3a, a rogue system register read, and variant 4, a speculative store bypass. Some AMD, ARM, Intel and IBM Power chips have the flaws, which attackers could exploit to steal sensitive data. Some fixes have already been shipped.
Patching a content management system has never been a straightforward affair, and the carnage from back-to-back critical vulnerabilities in the Drupal CMS continues to play out. Unpatched, hacked Drupal sites are delivering virtual currency miners, and in some cases malware.
There are massive amounts of vulnerabilities that companies deal with on an ongoing basis - not everything is lost though. Organizations that use unpatched software face a race against the clock, with attackers regularly beginning to hammer new vulnerabilities just hours after new fixes or security alerts get released...
The Annual Vulnerability Review analyzes the evolution of software security from a vulnerability perspective. Secunia Research at Flexera monitors more thousands of applications to provide the most recent data on the prevalence of vulnerabilities.
Download this report to learn more about:
Secunia Research's...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.
