SecurityWeek

Omni Hotels & Resorts tells customers that recent disruptions have been caused by a cyberattack that forced it to shut down systems.

City of Hope is notifying 800,000 individuals of a data breach impacting their personal and health information.

A critical OS command injection in Progress Flowmon can be exploited to gain remote, unauthenticated access to the system.

Cloud security firm provides a detection platform able to detect and predict the likely behavior of ‘bad’ identities.

Data breach impacting users’ personal information prompts survey rewards platform SurveyLama to reset passwords.

Google this week patched two Pixel phone zero-day vulnerabilities actively exploited by forensic companies to obtain data from devices.

New HTTP/2 DoS method named Continuation Flood can pose a greater risk than Rapid Reset, which has been used for record-breaking attacks.

News analysis: SecurityWeek editor-at-large Ryan Naraine reads the CSRB report on China's audacious Microsoft’s Exchange Online hack and isn't at all surprised by the findings.

Video conferencing giant Zoom has paid out $10 million through its bug bounty program since it was launched in 2019.

An analysis by Forescout shows 300,000 Chinese devices in the US, up 40% compared to the previous year, despite bans.

How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises?

MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of all vulnerabilities. What went wrong, and what can be done?

Cyber Safety Review Board, said “a cascade of errors” by Microsoft let state-backed Chinese cyber operators break into email accounts of senior U.S. officials.

A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information.

Jackson County, Missouri, discloses ‘significant disruptions’ to IT systems, says ransomware attack likely at fault.

Google pushes a new Chrome update to patch another zero-day vulnerability demonstrated at a hacking contest.

The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago.

Google patches 28 vulnerabilities in Android and 25 bugs in Pixel devices, including two flaws exploited in the wild.

Google is bringing to Chrome new features to bind browser sessions to the device and protect users against cookie theft.

A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.