Patch alert: Some versions of the popular content management system Drupal have a "highly critical" flaw that attackers can exploit to remotely execute code. The Drupal project team has released updates to fix the problem, which is already being targeted by hackers.
Facebook says it will soon issue a patch for a bug in its WhatsApp messenger application that can circumvent a security feature launched just last month for Apple devices. The flaw could let someone with physical access to a device bypass Face ID and Touch ID.
A security consultancy discovered Facebook user data exposed in two different places online without authentication or encryption. The data, which is now offline, came from an Android app that purported to offer statistical information to logged-in users.
A famed British computer security researcher has lost several key motions in a federal hacking case that stems from his alleged contribution to two types of banking malware. The rulings could complicate the challenges for the defense team of Marcus Hutchins, who remains in the U.S.
Red Hat, Amazon and Google have issued fixes for a serious container vulnerability. The flaw in the "runc" container-spawning tool could allow attackers to craft a malicious container able to "break out" and gain root control of a host system, potentially putting thousands of other containers at risk.
Apple says it has engineered a server-side fix for a flaw in its FaceTime messaging app and plans to issue a patch for clients this week. The patches will resolve a situation jokingly dubbed "FacePalm" that revealed a bug-reporting gap.
The digital revolution has given healthcare organizations new tools to increase team efficiency and improve their customer experience. But it's also opened up new vectors that cybercriminals can use to attack. As your attack surface expands to infrastructure that you don't own or control, becomes increasingly...
Sophos is out with new reports on Matrix and Emotet, two different types of cyberattacks that are hitting enterprise defenses. Matrix is a targeted ransomware, an emerging type of attack Sophos expects to gain prominence, and Emotet is malware that has evolved over the years into an opportunistic, polymorphic threat...
For decades, IT professionals have been fighting malware, hackers, and other threats. Data protection, confidentiality, integrity and availability have long been threatened not only by amateur hackers, but by profit-oriented, well-organised criminals. Victims can usually only react because many of the usual methods...
The coming end-of-support for Windows Server 2008 leaves organizations with few viable options to receive updates beyond the cut-off date of January 14, 2020. Upgrading will be no small feat as roughly 70% of enterprise Windows applications run on Windows Server 2008 or earlier versions*.
The coming end-of-support for Windows Server 2008 leaves IT organizations with few viable options to receive security updates beyond the cut-off date of January 14, 2020. Upgrading will be no small feat as roughly 70% of enterprise Windows applications run on Windows Server 2008 or earlier versions*.
Airline booking system provider Amadeus - whose system is used by 500 airlines - is investigating a software vulnerability that exposed passenger name records, which is the bundle of personal and travel data that gets collected when booking a flight.
The recent exposure of customer data on the website of Singapore Airlines as a result of a software bug is further evidence of the persistent challenge of adequately addressing security during the development stage.
German officials say the suspect behind the mega-leak of politicians' and celebrities' personal details exploited their weak passwords to access email, social media and cloud service accounts. What can the security industry do to help address the password problem?
On Wednesday, just days after a new "cybersecurity" law took effect, Vietnam alleged that Facebook has violated the law by allowing users to post anti-government comments on the platform. The so-called cybersecurity law actually speaks little about IT security measures.