As Russia's invasion of Ukraine continues, what should global CISOs and security teams do to ensure that their organizations stay protected? Beyond following cybersecurity agencies' guidance, experts offer advice on how to brief the board of directors, appeal for resources, support teams and more.
Since 2019, the Global Cyber Alliance has been using a custom IoT honeypot solution that identifies global attack risks and collects data about IoT attacks. Leslie Daigle discusses its findings about how threats have evolved and offers advice on how to better secure IoT devices and tech.
On Feb. 13, Adobe patched a critical vulnerability that affected its Commerce and Magento platforms, which customers use to manage their businesses' e-commerce. But a proof-of-concept exploit for the latest patch has resulted in yet another out-of-band patch update from Adobe for CVE-2022-24087.
Cisco's Email Security Appliance is affected by a high-rated vulnerability that can allow an unauthenticated remote attacker to launch a denial-of-service attack, the company says. The company and CISA advise that affected software be updated as soon as possible.
The January cyberattack on the International Committee of the Red Cross, which compromised the data of more than 515,000 highly vulnerable people, was specifically targeted at the organization, using code designed for execution on the ICRC servers, according to Director General Robert Mardini.
A massive data breach has been uncovered by researchers who say the incident totals in excess of 172 GB of data and affects an estimated 19 million people. The victims are primarily customers of online appointment company FlexBooker, researchers say.
Several global Computer Emergency Response Teams have issued alerts as well as fixes for Google Chrome browser and Android operating system vulnerabilities. Countries issuing the alerts include France, India and Canada.
Researchers have detected a massive breach of more than 500 stores. All of the targeted sites were still using the 12-year-old Magento 1 e-commerce platform, which Adobe stopped supporting on June 30, 2020.
Technology giant Microsoft has released patches for 51 vulnerabilities as part of its Patch Tuesday announcement. Of the total, none of the fixes are for critical bugs, and three are rereleased patches. Separately, the company says it will block internet macros by default in its Office applications.
ESET says it has patched a high-severity privilege escalation bug affecting its clients who use Windows-based systems. The company has released software updates for all affected versions of its product, as well as a workaround, and says no exploits have been reported.
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
The Log4j vulnerability exists in unpatched versions of Ubiquiti's UniFi Network applications, and is being actively targeted by attackers via a customized exploit, researchers at security firm Morphisec warn. While updates are available, systems remain at risk until patched.
As ransomware and other disruptive security incidents continue to surge, cyberattacks rank as the top health technology hazard in hospital environments this year, say security experts Chad Waters and Juuso Leinonen of patient safety organization ECRI.