Several global Computer Emergency Response Teams have issued alerts as well as fixes for Google Chrome browser and Android operating system vulnerabilities. Countries issuing the alerts include France, India and Canada.
Technology giant Microsoft has released patches for 51 vulnerabilities as part of its Patch Tuesday announcement. Of the total, none of the fixes are for critical bugs, and three are rereleased patches. Separately, the company says it will block internet macros by default in its Office applications.
Federal authorities are again warning healthcare and public health sector entities about potential threats posed by ransomware-as-a-service group LockBit 2.0, despite the cybercrime gang's claim that it does not target healthcare organizations.
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
In 2021, there were 1,862 data compromises - a 68% increase over 2020, according to the Identity Theft Resource Center's Annual Data Breach Report. "In this past year, there were more cyberattack-related data breaches than there were all forms of data breaches in 2020," says ITRC COO James E. Lee.
Microsoft researchers tracking Apache Log4j exploits last week discovered a previously undisclosed vulnerability in SolarWinds' Serv-U software. SolarWinds subsequently responded, investigated and fixed the flaw. Some observers described the new vulnerability as "surprising" and "disturbing."
Among the simplest things that vendors can do to help improve the cybersecurity of their products is providing better transparency, especially regarding the third-party components contained in their technology, says Rob Suárez, CISO of medical device maker Becton Dickinson.
Although there have been no major compromises in the healthcare and public health sector to date involving Apache Log4j flaws, the sector remains highly vulnerable, federal regulators warn.
Endpoint detection and response software news: The entity formerly known as McAfee Enterprise and FireEye Products has a new name: Trellix. Think of a "security trellis to businesses across the globe, giving them support they need to keep them safe," says CEO Bryan Palma. Will customers and prospects buy in?
Mozilla has released its latest Firefox browser version 96 with a host of new features and improvements for both desktop and mobile browsing. Mozilla has also fixed 18 security vulnerabilities, including 9 high-severity issues and 9 other medium- or low-severity flaws.
As staff increasingly connect to networks using internet of things devices, researchers have found a new way of detecting malware on IoT devices. The method leverages electromagnetic field emanations and can detect stealthy malware on the devices even in the presence of obfuscation techniques.
Attackers wielding Night Sky ransomware are among the latest groups that have been attempting to exploit critical vulnerabilities in widely used Apache Log4j software. Microsoft says that among other attacks, a China-based ransomware operator has been exploiting Log4j flaws in VMware Horizon.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.