Proof-of-concept code has been released to exploit a severe Citrix vulnerability present in tens of thousands of enterprises. Citrix says it's developing permanent patches but that enterprises should use its mitigation guidance. In the meantime, attackers are hunting for vulnerable machines.
Corporate network security breaches, which can prove costly to remediate and expose a company to lawsuits, are frequently the result of vulnerabilities that could have been fixed for a relatively low cost. A a brute force penetration test is a critical first step in finding those vulnerabilities.
Six months after Facebook agreed to a landmark privacy settlement with the U.S. Federal Trade Commission that resulted in a $5 billion fine, a federal judge is still considering objections from advocacy groups that claim the deal doesn't go far enough.
British regulators have fined Dixons Carphone $653,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware. The retailer's lack of security contributed to a "careless loss of data," the Information Commissioner's Office says.
Is it possible that a nation-state actor such as Iran could create a cybersecurity incident that compromises the U.S. power grid? Bernie Cowens, most recently CISO at the nation's largest electric utility, says that's unlikely because the power grid is more cybersecure than you might think.
The security company Check Point has revealed several vulnerabilities in TikTok, the popular Chinese video app that has raised concerns lately from the U.S. military and lawmakers. The issues are fixed, and TikTok says it doesn't appear the issues were exploited for a breach.
A ransomware attack has held London-based foreign currency exchange firm Travelex hostage since New Year's Day, the company confirmed Tuesday. It appears that the Sodinokibi group is behind the attack and is asking for millions from the company.
The FBI has sent a letter to Apple asking for help in accessing encrypted data from two iPhones belonging to a deceased shooter. The bureau's move may be a prelude to another legal fight between the FBI and Apple over strong encryption.
Complex, manual processes and disparate, disconnected tools make it difficult for security and IT teams to mount a cohesive response. Bryce Schroeder of ServiceNow discusses a more effective approach to vulnerability response.
Not even George Orwell could have predicted nation-state surveillance in the 21st century. Give us free instant messaging for our smartphones, and faster than you can say "viral kitten video," we're collectively part of a mass surveillance nightmare. Case in point: The ToTok social messaging app.
Attackers are hitting unpatched Pulse Secure VPN servers with Sodinokibi - aka REvil - ransomware, British security researcher Kevin Beaumont warns. Pulse Secure says that although many organizations have installed the critical April 2019 patch, holdouts persist.
Accenture plans to buy the former Symantec Cyber Security Services business from Broadcom for an undisclosed sum, the two companies announced Tuesday. The deal comes only five months after Broadcom paid $10.7 billion for Symantec's entire enterprise security division.
Protecting enterprise networks from attackers boils down to the same thing: Unless organizations get the basics right, they're sitting ducks. That's a top takeaway from experts warning that Iran will likely retaliate with cyberattacks after one of its senior military leaders was killed by a U.S. drone strike.
Adopting the policies in NIST 800-171 brings multiple security-related benefits, including best practices for data access policies, reduced risk of data breaches and insider threats, and a scalable approach to protecting sensitive data.
In the wake of the killing of an Iranian general in a U.S. drone attack last week, organizations - especially healthcare entities and units of government that have been vulnerable to ransomware attacks - need to be on guard against destructive "wiper" attacks, says Caleb Barlow of CynergisTek.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.