Every week seems to bring a fresh installment of "patch or perish." But security experts warn that patch management, or the larger question of vulnerability management, must be part of a much bigger-picture approach to managing risk. And the challenge continues to get more complex.
A new weaponized proof-of-concept exploit for the BlueKeep vulnerability in Windows has been released by researchers at Rapid7 and Metasploit in an effort to help create a sense of urgency to patch the flaw.
Apple is criticizing recent Google research that describes an expansive iPhone hacking campaign, accusing Google of "stoking fear" among users of its products. Google says it stands by its blog post, which focused on technical findings.
Online encyclopedia Wikipedia is investigating a DDoS attack that temporarily blocked access to several of its European and Middle Eastern sites over the weekend.
In the wake of major data breaches in Singapore, the nation's Personal Data Protection Commission has come out with stricter rules for collection and disclosure of the National Registration Identity Card, or NRIC, and other national identification numbers.
Three weeks after a ransomware attack slammed 22 Texas municipalities' systems, state officials say more than half of the cities have returned to normal operations and the rest have advanced to system restoration. Meanwhile, officials have shared lessons learned for managed service providers and customers.
Paige A. Thompson, who prosecutors allege hacked into Capital One's network to access millions of credit card applications, has pleaded not guilty to federal computer crime charges. Her tentative trial date is Nov. 4.
Independent security researchers have found yet another unsecured database accessible via the internet. This time, the exposed data belongs to South Korean manufacturing company DK-Lok.
The use of facial recognition technology within a fashionable section of London is continuing to stir controversy with an admission this week that the Metropolitan Police Service shared images with a developer as a part of a trial run of a surveillance system.
A hacking group known as APT5 - believed to be affiliated with the Chinese government - has been targeting serious flaws in Pulse Secure and Fortinet SSL VPNs for more than six weeks, security experts warn. Exploiting the flaws could enable attackers to gain full, remote access to targeted networks.
From socially engineered attacks to malicious insiders, organizations globally are dealing with many of the same fraud issues. But how do they ensure that fraud is a board-level concern? Kaspersky's Claire Hatcher shares insights.
This week's ISMG Security Report takes a close look at whether an iPhone hacking campaign may be linked to Android spying campaigns by China. Plus: Do ransomware gangs target organizations that have cyber insurance?
Modular malware is targeting India's critical infrastructure in a manner that's extremely difficult to detect, says Prayukth K.V. of Subex Ltd., a telecom solutions provider that has released a new report on the threat.
Account takeover (ATO) attacks result in billions of dollars of fraud and damage to brand reputation each year. These are the costs and risks associated with ATO.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.