Federal regulators and medical device maker Philips have issued alerts about a security vulnerability in the company's Tasy electronic medical records system that could put patient data at risk. How common is this type of vulnerability?
The U.S. Department of Homeland Security is requiring that federal agencies speed up patching and remediating "critical" and "high" software vulnerabilities. Security experts say this change is long overdue. But does it go far enough?
The 2018 cybersecurity landscape ushered in a blend of old and new threats, some of them game-changing, according to Trend Micro's Annual Security Roundup. Trend's Greg Young shares insight from this report.
Every day needs to be password security day - attackers certainly aren't dormant the other 364 days of the year. But as World Password Day rolls around again, there's cause for celebration as Microsoft finally stops recommending periodic password changes.
Citrix says the data breach it first disclosed in early March appears to have persisted for six months before it was discovered and the hackers were ejected. In an ironic twist, the company sells the very products that might have blocked recent credential stuffing and password spraying attacks against it.
Vodafone is disputing a Bloomberg report that security vulnerabilities and backdoors within Huawei networking equipment could have allowed unauthorized access to its fixed-line carrier network in Italy. The report comes as Huawei continues to face concerns over its engineering practices and government ties.
How far does an organization's risk surface extend, and who are the custodians of all that data? A new research report aims to answer those questions. In a joint interview, Kelly White, of RiskRecon and Wade Baker of the Cyentia Institute offer an analysis.
An unsecured database hosted on Microsoft's cloud platform contained personal information on nearly 80 million U.S. households, according to two researchers who found it. What does Microsoft have to say about the mysterious database?
The good news is: The development of new malware exploits has slowed considerably. The bad news is: That's because the old ones still continue to work so effectively. Adam Kujawa of Malwarebytes Labs talks about the evolution of ransomware and other successful exploits.
Docker, which offers an open source container platform, is notifying users that an intruder briefly had access to sensitive data from 190,000 Docker Hub accounts, or less than 5 percent of Hub users. But the breach has caused a collective gasp because it potentially magnifies risks for enterprises.
Cellular networks, including upcoming 5G networks, are not as secure as many believe, says Roger Piqueras Jover of Bloomberg, who reviews what businesses should know about security pitfalls and flaws in the networks.
TA505, a sophisticated advanced persistent threat group, is now using legitimately signed certificates to disguise malware that can penetrate banking networks, security researchers warn in a new report.
The director of Britain's GCHQ intelligence agency said at this week's CyberUK conference that declassifying and putting "time-critical, secret information" for stopping online threats into the public's hands "in a matter of seconds" is an imperative.
Organizations face a variety of security challenges as they attempt to secure their environments from the ever-changing threat landscape. As they look to gain more insight from their security devices, while gaining improved speed to detect and respond, managed detection and response is becoming a go-to solution.