Security researchers at Censys found hundreds of federally owned devices at 50 different agencies exposed to the internet, accessible through IPv4 addresses and loaded with potentially vulnerable MOVEit and Barracuda Networks' ESG software. The vulnerabilities violate new CISA policy, the firm said.
Technology giant Apple has joined the chorus of voices calling on the British government to rethink its proposed Online Safety Bill legislation intended to increase public safety by monitoring people's private communications via client-side scanning.
A startup founded by longtime Israeli Military Intelligence leaders landed Series B funding to support the cloud and on-premises data protection needs of hybrid organizations. The $100 million will help Cyera expand and broaden its offering to cover more pain points enterprises are experiencing.
The tally of organizations affected by the Clop ransomware group's supply chain attack against users of Progress Software's popular MOVEit file transfer software continues to grow. UCLA and New York City schools - including students and staff - are the most recently named victims.
As generative AI applications become more common in healthcare, organizations will need to carefully consider critical third-party risk issues involving the use of these technologies, said Damian Chung, business information security officer at security firm Netskope.
Application security testing, or AST, and API security testing are important components of a comprehensive cybersecurity strategy. We'll discuss the application and API security best practices for each type of testing, the use cases, and how they protect your business from cyberattacks.
A Chinese state hacker is using novel tradecraft to gain initial access to victim systems, according to CrowdStrike. Targeted organizations include those in the communications, manufacturing, utility, transportation, construction, maritime, government, IT and education sectors.
A Berlin, Maryland-based hospital recently told regulators that a ransomware breach discovered in January had compromised the sensitive information of nearly 137,000 patients, about five times the number of people originally estimated as having been affected by the incident.
Irish Parliament has proposed changes to a new bill that would make it a criminal offense to disclose privacy reprimands issued by the Data Protection Commission. Civil rights groups are accusing the government of shielding the country's privacy regulator from criticism.
The Securities and Exchange Commission accused SolarWinds CFO Bart Kalsu and CISO Tim Brown of violating securities laws in their response to the 2020 cyberattack. Kalsu and Brown are among "certain current and former executive officers and employees" targeted by the SEC for alleged violations.
Are unsolicited smartwatches the new USB thumb drive? The U.S. Army warns that service members are being sent free wearables preloaded with malware designed to steal data from mobile devices as well as intercept voice communications and hijack cameras.
Millions of GitHub repositories are vulnerable to a repository renaming flaw that could enable supply chain attacks, a new report by security firm Aqua said. It found 36,983 GitHub repositories vulnerable to repo jacking attacks, including Google and Lyft.
A federal appeals court affirmed that Synopsys didn't steal trade secrets from Risk Based Security by creating its own database of open-source code vulnerabilities. The data was not ruled a trade secret because Risk Based Security doesn't derive "independent economic value" from keeping it secret.
Search engine optimization poisoning attacks, which involve intentionally manipulating search results to lead users onto malware-laced websites, are on the rise in the healthcare sector, U.S. federal regulators warn. Users should watch for typosquatting, keyword stuffing, meta tagging and cloaking.
Microsoft discovered hackers targeting internet-facing Linux systems and IoT devices to steal IT resources for cryptocurrency mining operations. The campaign begins by brute-forcing target systems and devices and then uses a backdoor to deploy open-source tools such as rootkits and an IRC bot.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.