Microsoft has confirmed that a serious flaw in Windows SMB_v3 exists that could be exploited by attackers to remotely seize control of vulnerable systems. While no attacks have been seen in the wild, no patch for the wormable flaw is yet available. A workaround exists for servers, but not clients.
While the cybersecurity industry has increasingly focused on the roles artificial intelligence and machine learning can play in thwarting attacks, the humans behind the algorithms remain both points of strength and weakness, says RSA President Rohit Ghai, who keynoted the RSA 2020 conference on Tuesday.
ISS World, a global facilities maintenance company based in Denmark, says it's gradually restoring its systems after a malware attack on Monday. The company says it has identified the root cause but has not said if ransomware was involved.
Time for a fresh edition of "learn from how others get breached" focusing on Equifax. The goal is not blame, but rather to highlight specific missteps so others can avoid making the same mistakes. The Equifax breach offers a plethora of takeaways to help organizations better repel attackers.
Who's surprised Chinese military hackers allegedly hacked Equifax? For a foreign power that continues to attempt to amass personal information on its adversaries, targeting a business that gets rich by buying and selling Americans' personal data remains an obvious play.
Four members of China's People's Liberation Army have been indicted for allegedly hacking Equifax in 2017 and stealing the personal data of over 145 million Americans as well as a vast trove of the company's trade secrets and intellectual property, the U.S. Justice Department announced Monday.
Major data breaches continue to dominate the news, and almost 48% of organizations report that they have had a data breach in the past two years. As the severity and volume of attacks increase, the race to outpace attackers continues. Cybersecurity teams are not equipped enough to keep up, and need to leverage the...
Bad news on the ransomware front: Victims that choose to pay attackers' ransom demands - in return for the promise of a decryption tool - last quarter paid an average of $84,116, according to Coveware. But gangs wielding Ryuk and Sodinokibi - aka REvil - often demanded much more.
Federal regulators are warning healthcare providers about six vulnerabilities in some of GE Healthcare's medical device systems that could allow attackers to remotely take control of the gear. The company is working on patches.
Mitsubishi Electric says hackers exploited a zero-day vulnerability in its anti-virus software, prior to the vendor patching the flaw, and potentially stole trade secrets and employee data. The Japanese multinational firm announced the breach more than six months after detecting it in June 2019.
Citrix has released the first of several patches that address a vulnerability in its Application Delivery Controller and Gateway products that was discovered by researchers in December. If left unpatched, the vulnerability is remotely exploitable and could allow access to applications and internal networks.
Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers, and it's issued mitigation guidance. Security firm Qihoo 360 says the zero-day flaw has been exploited by the DarkHotel APT gang.
A day after the NSA disclosed a significant vulnerability that could affect the cryptographic operations in some versions of Windows, security researchers started releasing "proof of concept" code designed to show how attackers potentially could exploit the flaw. This highlights the urgency of patching.
A federal judge in Atlanta has given final approval to a settlement that resolves a class action lawsuit against credit bureau Equifax, which in 2017 suffered one of the largest data breaches in history. The minimum cost to Equifax will be $1.38 billion.
The NSA took the unusual step Tuesday of announcing what it calls a "severe" vulnerability in Microsoft's Windows 10 operating systems ahead of Microsoft's Patch Tuesday security update. The flaw could allow attackers to execute man-in-the-middle attacks or decrypt confidential data within applications.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.