Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
ICS Patch Tuesday — Siemens and Schneider Electric have released a total of 15 new advisories that address 43 vulnerabilities. [Read More]
The company has addressed the Spring4Shell bug (CVE-2022-22965) in six products, but hasn’t provided details on other potentially affected software. [Read More]
The critical F5 BIG-IP vulnerability CVE-2022-1388 is being exploited to erase files from appliances, potentially causing serious disruption. [Read More]
Half of the attacks Kaspersky has observed since July 2021 happened between January and April 2022. [Read More]
Microsoft patches at least 73 documented security flaws in the Windows ecosystem and warned that unknown attackers are already launching zero-day man-in-the-middle attacks. [Read More]
Found in the third-party ODBC data connector for Amazon Redshift, the security bug impacted Azure Data Factory and Azure Synapse Pipeline. [Read More]
Adobe ships patches for at least 18 serious security defects in multiple enterprise-facing products and warned that unpatched systems are at risk of remote code execution attacks [Read More]
IoCs and other resources have been made available for the actively exploited BIG-IP vulnerability tracked as CVE-2022-1388. [Read More]
Tracked as CVE-2022-27588, the vulnerability could allow a remote attacker to run arbitrary commands. [Read More]
Impacting the ‘yank’ action, the bug allowed any RubyGems.org user to remove certain Ruby packages and replace them with malicious ones. [Read More]
FEATURES, INSIGHTS // Vulnerabilities
Laws to support swift and automatic updates for all devices, and consequence to organizations that fail to ensure their IoT devices are secure, would be a big step forward for IoT security.
With a software composition analysis (SCA) tool in place, security teams can quickly scan an information repository and know where vulnerable software is being used.
The "Reaper" IoT botnet is holding itself up as a blinky light in front of our faces, reminding the InfoSec community that we really need to get ahead of IoT madness.
We need to consider whether traditional approaches to vulnerability management are still viable and if just upgrading existing methods or tools is sufficient.
Vendors, practitioners and security experts must all work closely together to combat the well-funded actors who pose a threat to medical devices.
Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else?
DUHK and ROCA are both implementation-specific vulnerabilities concerning one of my favorite topics, random number generators.
The end user community is at the mercy of security researchers to act responsibly in order to limit the potential for their findings to be used for malicious purposes.
With greater awareness about POS system attacks, operations against third-party suppliers, and the vulnerabilities of public or semi-public Wi-Fi networks, companies can do a lot to mitigate risk and ensure safer journeys for travelers.
One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack.
Get the Daily Briefing
- Nikkei Says Customer Data Likely Impacted in Ransomware Attack
- New Brute Force Attacks Against SQL Servers Use PowerShell Wrapper
- DoJ Will No Longer Use CFAA to Charge Ethical Hackers
- Pro-Russian Hackers Spread Hoaxes to Divide Ukraine, Allies
- Researchers Spot Supply Chain Attack Targeting GitLab CI Pipelines
- Phishers Add Chatbot to the Phishing Lure
- QuSecure Lauches Quantum-Resilient Encryption Platform
- Cloud Data Security Firm Dig Emerges From Stealth With $11 Million in Funding
- US Recovers $15 Million From Ad Fraud Group
- Enterprise Data Protection Company Seclore Raises $27 Million
Copyright © 2022 Wired Business Media. All Rights Reserved. Privacy Policy