Vulnerability management issues are a common problem for many healthcare entities and can become an even bigger concern when unremediated issues are left to linger for years. That appears to be the case at some VA medical facilities, according to a report from the Office of Inspector General.
Microsoft fixed an actively exploited zero-day vulnerability in 2023's first Patch Tuesday dump. The Redmond giant also issued fixes for 98 other vulnerabilities, including 11 classified as critical and 87 as important. The zero-day vulnerability could be used as part of a ransomware attack.
Regularly applying software updates and security patches ensures that vulnerabilities are addressed and systems are protected from known threats. Power and energy industries are very vulnerable to these threats and by failing to patch, these organizations leave themselves open to cyber attacks that can disrupt the...
Patch management in an operational technology (OT)/industrial control system (ICS) setting is full of challenges. From proprietary hardware and software to a lack of staff, inadequate or non-existent testing equipment, and regulatory reporting and system maintenance, many organizations struggle to determine what is...
Software patching is often thought of as a basic cyber security process. On the surface, it appears to be straightforward: simply apply updates to your systems. But as it turns out, patching is not so straightforward after all, especially in industrial/OT environments. In fact, it is likely the single most...
Microsoft upgraded a vulnerability first discovered in September to "critical" after IBM Security researchers discovered attackers could exploit the flaw to remotely execute code. The latest code execution bug has a broader scope and could affect a wider range of Windows systems than EternalBlue.
Microsoft's last monthly dump of patches for 2022 includes a fix for a zero-day exploited by ransomware hackers to bypass the SmartScreen security mechanism for malware execution. The zero-day hinged on hackers creating a malformed Authenticode signature.
The shortage of cybersecurity professionals in the United States includes a scarcity of expertise in medical device security, says Bill Aerts, senior fellow and managing director of the University of Minnesota's recently launched Center for Medical Device Cybersecurity.
Iranian hackers used Log4Shell to penetrate the network of an unnamed federal agency where they stole passwords and implanted cryptocurrency mining software. Whether the Iranians were acting wholly on Tehran's behalf, on their own behalf, or both, is uncertain.
Microsoft released patches fixing a pair of Exchange vulnerabilities revealed publicly in late September and collectively known as ProxyNotShell. The computing giant assesses with "medium confidence" that state-sponsored hackers have exploited the now-squashed bugs.
The U.K. Information Commissioner levied a nearly $5 million fine against Interserve Group Limited for its lack of security protections in the run-up to a 2020 ransomware attack. The firm kept employee data on servers running obsolete versions of Windows and used outdated antivirus software.
Probe deep enough into a once-obscure subsystem in the Windows operating system called the Common Log File System and you might come out the other end with system privileges. Researchers on Zscaler’s ThreatLabz research team say the root cause of a recent CLFS zero-day resides in base file metadata.
Immersive Labs completed a funding round just weeks after laying off 10% of its workforce to cover more developer languages and safeguard Azure and Google Cloud. The Ten Eleven Ventures-led funding will help Immersive Labs expand its coverage from frontline cybersecurity staff to development teams.
One zero-day down but two Microsoft Exchange zero-days to go in this month's dose of patches from the Redmond, Washington computing giant. Microsoft fixed a COM+ flaw being exploited in the wild but for now is relying on workarounds for two known email server bugs.