Apple pushed out an emergency security update for two critical zero-day flaws that attackers are using to carry out memory corruption attacks on iPhone and iPad devices. The tech giant's latest patch addressed its third zero-day vulnerability this year.
The healthcare sector should have plenty of experience responding to data security incidents and breaches, especially in light of the record number of breaches reported last year. But when leaders are dealing with an incident, response plans can go awry. Experts offer tips for avoiding mishaps.
Two critical vulnerabilities affecting all on-premises versions of TeamCity servers can result in authentication bypass and path traversal, enabling an attacker to gain administrative privileges for a server and take it over. Users should prioritize patching now that the exploit is public.
A cyber threat actor is shifting tactics from conventional malware delivery to a targeted focus on acquiring NT LAN Manager authentication information to potentially collect sensitive data and perform other malicious actions. The campaigns have targeted hundreds of organizations globally.
A new report from the Office of the National Cyber Director calls for the universal adoption of memory-safe programming languages, but experts warned ISMG the process of overhauling legacy information technology and high-impact code can be daunting, costly and risky.
North Korea's Lazarus hackers exploited a Windows AppLocker driver zero-day to gain kernel-level access and turn off security tools that could detect the group's bring-your-own-vulnerable-driver exploitation techniques. Microsoft fixed the bug in its February patch dump.
Previous studies on IoT and OT devices have primarily focused on internal components, neglecting open-source components that are crucial for internet and network connectivity, according to Stanislav Dashevskyi and Francesco La Spina, security researchers at Forescout Technologies.
Software giant ConnectWise urged customers to promptly patch critical vulnerabilities that could allow the execution of remote code or directly affect confidential data or critical systems. The two vulnerabilities stem from an authentication bypass weakness and a path traversal flaw.
Bugcrowd received a $102 million venture capital investment to fuel strategic growth, the company announced Monday. "Our customers are outgunned and outmatched. They need to tap into all this creativity that exists within the hacker community," said company CEO Dave Gerry.
A novel variant of the banking Trojan Mispadu is targeting Latin American countries, especially Mexico, by exploiting a flaw in Windows SmartScreen. In this latest distribution method, the attackers send spam emails that deliver deceptive URL files that circumvent the SmartScreen banner warning.
Remote desktop application provider AnyDesk acknowledged that hackers recently had gained unauthorized access to the company's production systems in a cyberattack. The firm said it has revoked all security-related certificates as a precaution and is rolling out a new code-signing certificate.
The Business Software Alliance's (BSA) most recent Global Software Survey reveals that 37 percent of software in use globally is unlicensed, with a commercial value of approximately $46.3 billion. Unlicensed software causes colossal damage to both software vendors and their users. For example, malware...
Accenture has finalized its acquisition of U.K. tech consultancy firm 6point6, which specializes in cybersecurity, cloud and digital transformation solutions. The acquisition will add 6point6's 400 staffers to Accenture in support of its business in the U.K. market.
As the threat landscape becomes more complex, organizations face challenges in obtaining an accurate picture of their attack surface. People, process, and technology challenges hinder progress and make it difficult for security teams to practice preventive cybersecurity.
The European Central Bank beginning this month will conduct cyber stress tests on banks to determine their resilience against cyberattacks. The agency is requiring 109 banks in Europe to perform vulnerability assessments and incident response evaluations by mid-2024.