Several companies that use the OpenSSL cryptography library toolkit are reportedly scrambling and releasing security advisories to their users following patching of two vulnerabilities that were first fixed and disclosed to users on Aug. 24.
Researchers have released details of a serious vulnerability in Microsoft's Exchange email server, nicknamed "ProxyToken." The bug, which was patched by Microsoft in April, could be exploited to copy emails from Exchange inboxes.
This edition of the ISMG Security Report features an analysis initiatives unveiled by the Biden administration to enhance supply chain and critical infrastructure security and address the cybersecurity skills gap. Also featured: LockBit 2.0 ransomware rep 'tells all'; misconfigured Microsoft Power Apps.
The Biden administration unveiled a package of supply chain and critical infrastructure security initiatives following a meeting at the White House with tech executives and others. Companies such as Google and Microsoft also promised billions in spending on cybersecurity over the next several years.
Google has removed eight fake cryptomining apps from its Play Store, but researchers at security firm Trend Micro have flagged 120 other apps on users' phones purporting to also be cryptomining. Users paid for services the eight apps never delivered.
To help balance security and user convenience, organizations should offer centralized user access to applications, says Krishnamurthy Rajesh, head of IT and information security at ICRA, an India-based credit rating agency.
Microsoft's Patch Tuesday rollout addressed two additional security issues within Windows Print Spooler, including one zero-day. Microsoft's August security update covers 44 vulnerabilities, with seven rated critical. Intel and Adobe also made security fixes.
More organizations are taking a "privacy by design" approach to their applications, says Barry Cook, group data protection and privacy officer at VFS Global, a Dubai-based visa outsourcing and technology services company. It's part of an effort to balance privacy and the benefits of convenience.
The latest edition of the ISMG Security Report features an analysis of how ransomware attackers share about their inclinations, motivations and tactics. Also featured: The rise of integrity attacks; dispelling vaccine myths.
83% of organizations are looking for new monitoring approaches to handle today’s cloud complexity. IT teams are challenged with monitoring cloud services and mission-critical applications by separate tools which lead to swivel chair approaches, runaway costs, and fragmented operational data getting trapped in siloed...
Researchers at Palo Alto Networks' Unit 42 say they have demonstrated how exploits of Microsoft Jet Database Engine vulnerabilities could lead to remote attacks on Microsoft Internet Information Services and Microsoft SQL Server to gain system privileges. Microsoft recently patched the flaws.
The Russian-linked group that targeted SolarWinds using a supply chain attack compromised at least one email account at 27 U.S. attorneys' offices in 15 states and Washington, D.C., throughout 2020, according to an update posted by the Justice Department.
Hack-for-hire group StrongPity deployed Android malware to target visitors to Syria's e-government website as part of its latest cyberespionage campaign, security firm Trend Micro reports.
As much as public cloud use is growing, both in total volume and in diversification of services, it is not a one-way trend. To meet evolving business needs, organizations are moving applications and workloads back and forth between cloud and on-premises environments.
This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.