Seven vulnerabilities - including one rated critical and five high-severity - in Schneider Electric's EVlink products have been patched, according to security researcher Tony Nasr. Exploitation of the vulnerabilities would allow attackers to manipulate configurations and settings.
The Apache Software Foundation has released a new Apache HTTP Server update, version 2.4.52, to mitigate risks posed by two flaws. One of the vulnerabilities is critical, but there has been no evidence it is being exploited in the wild.
As ransomware attacks continue to pose a significant threat to enterprises and individuals, "We will keep banging the message that basic cyber hygiene makes a big difference to lots of people," says Andy Bates of the Global Cyber Alliance. He also discusses the alliance's top priorities for 2022.
Microsoft Teams' link preview feature contains four vulnerabilities that allow attackers to access internal Microsoft services, spoof the link preview and - for Android users - leak their IP address and use DoS attacks against their Teams app/channels. Three of the four flaws remain unpatched.
A flaw in a Bluetooth-enabled at-home COVID-19 test, which has since been fixed, would have allowed individuals to change test results from positive to negative, and vice versa, says a report by the security researcher who discovered the problem. Are other medical IoT products at similar risk?
The U.S. Department of Homeland Security this week announced a "Hack DHS" bug bounty program to identify potential cybersecurity vulnerabilities within its systems and to increase DHS' overall cyber resilience. Hackers uncovering vulnerabilities will be compensated by the department.
What's in store for defenders as attackers increasingly try to target the ubiquitous Apache Log4j vulnerability? "Everyone is a target," says veteran cybersecurity leader Etay Maor, whose team at Cato Networks has been analyzing hundreds of attacks that already attempt to exploit the flaw.
Like CISOs everywhere, Dawn Cappelli of Rockwell Automation awoke last Friday to news about the Log4j vulnerability and the risk it posed to her company, customers and partners. Here is how she approached triage, response and capturing insights to be shared with other security leaders.
Botnet operators have launched DDoS attacks on devices that have not applied patches for two separate vulnerabilities, researchers say. One is a Mirai-based botnet dubbed Moobot, according to cybersecurity firm Fortinet, and the other is an unnamed Mirai-reminiscent botnet, according to Qrator Labs.
Multiple security researchers have spotted threat actors already exploiting the Apache Log4j vulnerability by deploying Muhstik and Mirai botnets to target Linux devices. Their advice: Ensure to remove any existing compromise before patching, and expect this flaw to be exploited for the long term.
Indian Prime Minister Narendra Modi's official Twitter account was compromised - for the second time - as part of a cryptocurrency scam. The account was "immediately secured" by Twitter, according to a tweet by the PM’s Office. Cyberlaw experts discuss where the onus of protection lies.
It's no surprise that as some ransomware-wielding criminals have been hitting healthcare, pipelines and other sectors that provide critical services, governments have been recasting the risk posed by ransomware not just as a business threat but as an urgent national security concern.
Nearly $200 million has reportedly been stolen from the cryptocurrency exchange BitMart, one of the top centralized crypto exchanges by volume, according to China-based blockchain analytics firm PeckShield, which tracked the heist beginning Saturday.
A former employee of a New York-based technology company, likely to be IoT technology company Ubiquiti, has been arrested for stealing confidential data and extorting his employer for nearly $2 million. If convicted, the suspect faces up to 37 years in prison.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.