Australian software firm Atlassian has issued fixes for a critically rated vulnerability in its Jira software that could allow an unauthenticated attacker to remotely bypass authentication protections in place. Both Jira and Jira Service Management are vulnerable to this bug.
A week after Microsoft announced the Windows Autopatch feature and declared that, come July, the tradition of Patch Tuesday will end, it's Patch Tuesday again, and the company has issued more than 100 security fixes for software that resolve critical issues, including two zero-day vulnerabilities.
Starting in July, the second Tuesday of every month will "just be another Tuesday," Microsoft says. After releasing patches for vulnerabilities in its software every second Tuesday of every month since 2016, Microsoft says it is now set to roll out automatic updates. Some security experts weigh in.
Google's threat analysis team has detected a new remote code execution flaw leveraged by North Korean nation-state attackers targeting cryptocurrency, fintech and other industries. Although not named in the report, there appears to be a link to the notorious Lazarus cybercrime group.
(ISC)² released results of an online poll about the Log4j vulnerability and the human impact of the efforts to remediate it. CISO Jon France shares findings from the survey, revealing the severity and long-term consequences of the Log4j attack for security teams and the organizations they protect.
A security researcher found two critical vulnerabilities and one high-severity vulnerability in two separate Veeam products that may allow attackers to perform remote code execution and allow local privilege execution on victims' systems, respectively. Veeam has issued patches for all three bugs.
Russian state-sponsored threat actors are exploiting default MFA protocols, along with PrintNightmare, the Windows Print Spooler vulnerability, to illegally access the network of a nongovernmental organization, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI say.
It is critical for medical device manufacturers to take a threat modeling approach early in a product's design stage, say MITRE medical device cybersecurity experts Margie Zuk and Penny Chase, co-authors of the recently released Playbook for Threat Modeling Medical Devices commissioned by the FDA.
Sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers signed up with bug bounty platforms, which can no longer legally make payments. A researcher in Belarus says he's locked out from accessing $25,179 in his HackerOne account.
The U.S. OMB recently released its latest deliverable as part of President Biden's cybersecurity executive order. Former federal CISO Grant Schneider discusses this guidance and shares best practices for agencies and organizations to improve the security of their software supply chain.
Healthcare entities and other organizations frequently skimp on application security, which is a critical area, and this often results in data breaches, security incidents and other mishaps, says former Blue Cross of Idaho CISO Sandy Dunn, who is now CIO and CISO of security firm BreachQuest.
Federal authorities are warning about seven vulnerabilities affecting a software agent used to remotely manage an array of medical devices and other connected gear. If exploited, the vulnerabilities could enable hackers to gain full control of the affected devices or alter their configurations.
A newly revealed flaw in the Linux kernel dubbed "Dirty Pipe" could potentially allow attackers to take complete control over a device, read private messages and gain admin-level privileges. The Linux Foundation has patched the flaw.
Guidance from the Healthcare Sector Coordinating Council provides healthcare delivery organizations and vendors with recommendations for including cybersecurity in contracts pertaining to the procurement of medical device products and related services.
Critical cybersecurity gaps in smart infusion pumps have put the data and care of hundreds of patients at risk, according to researchers at Unit 42 of cybersecurity firm Palo Alto Networks. They say that 75% of the 200,000 smart infusion pump networks they scanned contained known security gaps.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.
