Two key concepts are shaping how organizations protect their digital assets: cybersecurity by default and cybersecurity by design. Professor John Goodacre, director, Digital Security by Design, UKRI, discusses the need to design technology that inherently protects against vulnerabilities.
A critical remote code execution vulnerability in PHP for Windows, affecting all releases since version 5.x, requires immediate action from server administrators. The flaw enables attackers to execute arbitrary code on remote PHP servers through an argument injection attack.
U.S. federal authorities are alerting healthcare entities about critical vulnerabilities in two medical device products from manufacturer Baxter. Both flaws can be exploited remotely, potentially jeopardizing patient care. Some experts say such disclosures in general need more attention.
Information Security Media Group editors are live at Infosecurity Europe Conference 2024 in London with an overview of opening-day activities and hot topics including the latest ransomware trends, software security, election security and artificial intelligence risks.
IBM, Rubrik, Palo Alto Networks and CrowdStrike entered the red-hot data security posture management market with nine-figure deals announced between May 2023 and March 2024. Now, Tenable reportedly wants a piece of the action as it eyes the purchase of Eureka.
In the latest weekly update, ISMG editors discussed the current state of Secure Access Service Edge solutions in 2024, vulnerabilities in Apple's Wi-Fi-based positioning system, and the patient safety questions arising after a cyberattack hit a U.S. hospital.
Bugcrowd has acquired Informer to enhance its external attack surface management, giving customers better visibility and security. The integration will bring Bugcrowd's existing bug bounty and penetration testing offerings together with new capabilities such as brand impersonation detection.
Cyberattackers are actively exploiting a vulnerability in the NextGen Healthcare Mirth Connect product, an open-source data integration platform widely used by healthcare companies, said CISA in an alert Monday. The flaw, which allows remote code execution, has been known since October 2023.
The highly targeted U.S. hospital sector could get a boost in avoiding cyberattacks with a $50 million investment by a federal research agency aimed at enhancing automation, vulnerability detection and remediation across a variety of devices in healthcare environments.
A maximum-severity bug in Intel's artificial intelligence model compression software can allow hackers to execute arbitrary code on the company's systems that run affected versions. The technology giant has released a fix for the Neural Compressor flaw, which is rated 10 on the CVSS scale.
Dealing with generative artificial intelligence is challenging for CISOs on multiple fronts, including monitoring employee use of gen AI, as well as how to red team and security test their own large language models and products, said Daniel Kennedy, principal research analyst at 451 Research.
Hackers are using generative AI to boost their malicious activities and are making progress toward autonomous, AI-driven internet exploitation. Casey Ellis, founder of Bugcrowd, highlights that while bias is a key AI concern, integrating AI safely into existing processes is a bigger challenge.
Security researchers have found 11 vulnerabilities in certain GE HealthCare ultrasound products that could allow malicious actors to physically implant ransomware or manipulate patient data stored on the affected devices. GE said the risks can be mitigated through best security practices.
The widespread adoption of AI models has brought new challenges in securing proprietary data within those models, along with a paradigm shift in enterprise security. Aaron Shilts, president and CEO, NetSPI, discusses the risks posed by AI and the importance of continuous security assessments.
Sumedh Thakar, president and CEO, Qualys, explores the shift in cyber risk management from a tools-focused approach to strategic risk quantification, highlighting the key role of CISOs in driving this transformation. Boards are now recognizing that "cyber risk is a business risk," he said.