Absolute Security has strengthened its platform with the acquisition of Syxsense, adding powerful automated vulnerability management tools to its existing endpoint security capabilities. The move aims to improve security compliance and simplify complex remediation tasks for organizations.
Federal authorities are alerting healthcare entities of vulnerabilities - including older flaws - that put Apache Tomcat at risk for attacks if left unmitigated. The open-source web server is heavily used in healthcare for hosting electronic health record and other systems and applications.
Cybercriminals are using a critical remote code execution vulnerability in an open-source geospatial data platform to spread malware globally across several industries. GeoServer Project maintainers released a patch on July 1. The vulnerability has a CVSS score of 9.8 out of 10.
A hacking group tied to North Korea exploited a zero-day vulnerability in the open source Google Chromium web browser to try and steal cryptocurrency, Microsoft said. The attack campaign is the latest to involve a sophisticated North Korean rootkit called FudModule. Google has fixed the flaw.
SafeBreach security researcher Alon Leviev discusses how downgrade attacks expose vulnerabilities in Windows systems. He shares insights into how attackers manipulate Windows Update processes and stresses the importance of monitoring and securing critical system components to prevent exploitation.
Russian hackers are leveraging unpatched vulnerabilities to exploit networks for more than 20 months. Michael Sikorski, VP of threat intelligence at Palo Alto Networks, shares insights on ransomware gangs, AI's role in attacks and the importance of defense-in-depth strategies for organizations.
North Korea's Lazarus hacking team, which focuses on cryptocurrency theft and espionage, has once again been exploiting a zero-day vulnerability in Microsoft Windows to install antivirus-suppressing malware dubbed Fudmodule to aid its intrusions.
Action1 has rebuffed CrowdStrike's interest in acquiring the patch management and vulnerability remediation startup for $1 billion and opted to remain independent. Action 1 has decided to turn down acquisition inquiries since the company believes it can grow into a multibillion-dollar business.
Cato Networks Chief Security Strategist Etay Maor discusses the importance of virtual patching for defending against vulnerabilities such as Log4j, why certain enterprises struggle to patch these flaws and how visibility challenges lead to overlooked risks in critical systems.
This week, Microsoft released its August patch of 90 fixes, flaws were discovered in Azure Health Bot, Orion lost $60 million in a BEC scam, Schlatter Industries was hit by malware, Microsoft said it will discontinue Paint 3D in November and Russia restricted access to Signal.
CrowdStrike is in talks to acquire Houston-based patch management and vulnerability remediation startup Action1 for close to $1 billion, co-founder and CEO Alex Vovk told employees in an email Wednesday. This would be the largest acquisition in the endpoint security vendor's history.
The British data regulator reprimanded the U.K.'s Electoral Commission for its failure to prevent a 2021 hack attack that resulted in the exposure of millions of voter records. Hackers breached the Electoral Commission's networks after exploiting the ProxyShell vulnerability.
The Internet Systems Consortium and the U.S. Cybersecurity and Infrastructure Security Agency are urging administrators to apply updates to the widely used solution called Berkeley Internet Name Domain 9 DNS implementation. Hackers could use the flaws to cause denial-of-service attacks.
CrowdStrike, in a preliminary report, has blamed internal testing problems for failing to prevent the faulty "rapid content update" that caused worldwide disruption on Friday. The cybersecurity vendor has promised to refine its testing and deployment processes to avoid any repeats.
The Department of Health and Human Services is facing some of the same cloud security problems as the healthcare organizations it regulates: weaknesses in a dozen different cloud security controls and inventories of cloud systems, according to an inspector general's audit report.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.