Jeff Williams, co-founder and CTO of Contrast Security, says people have a right to know if the products they use are secure. It's difficult to tell if software is secure, he says, so companies need incentives to build good security programs, improve their software and disclose any flaws they find.
Technology giant Microsoft has released patches for 51 vulnerabilities as part of its Patch Tuesday announcement. Of the total, none of the fixes are for critical bugs, and three are rereleased patches. Separately, the company says it will block internet macros by default in its Office applications.
Equifax has agreed to a settlement for the 2017 data breach that exposed the personal information of 147 million people. The settlement with the U.S. Federal Trade Commission, the Consumer Financial Protection Bureau and 50 U.S. states and territories includes up to $425 million to help victims.
Israeli officials announced they will set up a commission of inquiry to investigate reports that the nation's police force used the flagship spyware of Israeli firm NSO Group, called Pegasus, to hack the phones of Israeli public officials, journalists and activists.
Threat actors have replicated the Armaan and Hamraaz apps used by Indian Army personnel, and injected malware capable of reading SMS, live location and contacts on mobile devices. The malware also allows access to audio files, including phone recordings, MalwareHunter Team and Cyble researchers say.
Organizations are forced to prioritize security efforts. This leads to risky tradeoffs, like only focusing on part of the attack surface. And a lot of organizations have adopted security models such as shifting left, at the risk of having an incomplete strategy. Efforts to staff up, prioritize resources, and situate...
Eset says it has patched a high-severity privilege escalation bug affecting its clients who use Windows-based systems. The company has released software updates for all affected versions of its product, as well as a workaround, and says no exploits have been reported.
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
The Log4j vulnerability exists in unpatched versions of Ubiquiti's UniFi Network applications, and is being actively targeted by attackers via a customized exploit, researchers at security firm Morphisec warn. While updates are available, systems remain at risk until patched.
The House Oversight and Reform Committee today advanced its version of the Federal Information Security Modernization Act of 2022, which entails cybersecurity updates for federal civilian agencies. The bipartisan measure was sent to the full House on a voice vote.
Learn to understand the gray space in which malicious attack campaigns function in order to get ahead of attackers, and avoid data breaches or negative outcomes for your business.
Organizations today need to rethink how cloud security not only drives stronger predictions, but adds value with ease of use. Learn how you can stop the most evasive attacks automatically with adaptive security.
The focus on automation, tooling and reactive responses to cyber threats can no longer stand alone against an increasingly sophisticated threat landscape, where attackers are also employing advanced tools to successfully breach even the most protected networks and systems. What is needed is a human-led approach to...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.
