As applications are no longer tied to infrastructure, you need security controls at the workload level that are shared dynamically with security in your network - for real-time, multi-layered protection. Micro-segmentation allows you to isolate critical resources to control access and is an important part of Zero...
Microsoft's Patch Tuesday rollout addressed two additional security issues within Windows Print Spooler, including one zero-day. Microsoft's August security update covers 44 vulnerabilities, with seven rated critical. Intel and Adobe also made security fixes.
The widely used NicheStack TCP/IP stack has 14 vulnerabilities that, if exploited, could allow for remote code execution, denial of service, information leaks, TCP spoofing or DNS cache poisoning, according to researchers at Forescout and JFrog. But patches are now available.
Researchers at Palo Alto Networks' Unit 42 say they have demonstrated how exploits of Microsoft Jet Database Engine vulnerabilities could lead to remote attacks on Microsoft Internet Information Services and Microsoft SQL Server to gain system privileges. Microsoft recently patched the flaws.
A congressional report examining eight federal agencies found that seven continue to improperly protect sensitive data and do not meet basic cybersecurity standards.
A remote access Trojan is being distributed via download links for software or media articles on Telegram channels, according to researchers at AT&T Alien Labs.
A newly discovered threat group dubbed Praying Mantis is targeting businesses in the U.S by exploiting vulnerabilities in internet-facing web applications to steal credentials and other data, the security firm Sygnia says.
As chief security scientist and advisory CISO to security vendor Thycotic, Joseph Carson is well aware of risks employees will take to get their jobs done. He's just authored a new ethical hacker's guide to help enterprises plug their holes - before their adversaries breach them.
U.S. Customs and Border Protection has not always protected its Mobile Passport Control applications, making travelers' personally identifiable information vulnerable to exploitation, according to a new report from the Department of Homeland Security's Office of the Inspector General.
Microsoft has announced the takedown of 17 domains that an unnamed threat group operating out of West Africa used to host fake Microsoft websites when conducting business email compromise attacks.
Researchers at Cognyte have identified the six common vulnerabilities and exposures - or CVEs - that were most frequently discussed by apparent cyberattackers on dark web forums between Jan. 1, 2020 and March 1, 2021. Five of these CVEs were for Microsoft products.
Can NSO Group and other commercial spyware vendors survive the latest revelations into how their tools get used? The Israeli firm is again being accused of selling spyware to repressive regimes, facilitating the surveillance of journalists, political opponents, business executives and even world leaders.
A cybercrime forum seller advertised "a full dump of the popular DDoS-Guard online service" for sale, but the distributed denial-of-service defense provider, which has a history of defending notorious sites, has dismissed any claim it's been breached. What's the potential risk to its users?
Threat intelligence researchers are looking closely at REvil, the ransomware gang that infected up to 1,500 companies in a single swoop. A look at the group's online infrastructure shows clear lines to Russian and U.K. service providers that, in theory, could help law enforcement agencies but don't appear eager to...
Software developer Kaseya has released patches for its remote monitoring software, which had been exploited by REvil ransomware attackers to infect up to 60 MSPs and 1,500 of their clients. The patches mitigate the final three vulnerabilities out of seven that researchers reported to Kaseya in early April.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.