In the latest weekly update, ISMG editors discussed the current state of Secure Access Service Edge solutions in 2024, vulnerabilities in Apple's Wi-Fi-based positioning system, and the patient safety questions arising after a cyberattack hit a U.S. hospital.
Apple's Wi-Fi-based positioning system can be abused to track the live location of various types of devices around the globe, including Starlink routers in war zones, researchers warn. Until Apple puts in place more defenses, they say the system will continue to pose a "large-scale privacy threat."
Cyberattackers are actively exploiting a vulnerability in the NextGen Healthcare Mirth Connect product, an open-source data integration platform widely used by healthcare companies, said CISA in an alert Monday. The flaw, which allows remote code execution, has been known since October 2023.
A maximum-severity bug in Intel's artificial intelligence model compression software can allow hackers to execute arbitrary code on the company's systems that run affected versions. The technology giant has released a fix for the Neural Compressor flaw, which is rated 10 on the CVSS scale.
Microsoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the Qakbot botnet and other hackers actively exploited. The elevation of privilege vulnerability flaw is rated "important" on the CVSS scale.
Erika Voss, vice president of information security at DAT Freight & Analytics, discusses the evolving landscape of cybersecurity investment, the critical areas often overlooked by enterprises - including insider threats, and the importance of building a cybersecurity culture within organizations.
Hackers are taking advantage of D-Link home routers left unpatched for a decade and turning them into a newly formed botnet researchers dubbed "Goldoon." The vulnerability allows attackers to execute arbitrary commands remotely via the proprietary Home Network Administration Protocol.
A high-risk flaw in R statistics programming language could lead to a supply chain hack, warn security researchers who say they uncovered a deserialization flaw. Security researchers have long known that hackers sneak malicious code into serialized data.
Verizon executives warned that cyber defenders are struggling with fatigue amid a surge in cyberattacks targeting zero-day exploits and other vulnerabilities. It takes most enterprises nearly 55 days on average to mitigate 50% of critical vulnerabilities once patches become available, the DBIR says.
How do data breaches happen? The latest annual Verizon Data Breach Investigations Report, which aims to help defenders answer that question, points in part to the ever-present threat of ransomware and data extortion and charts a surge in attackers exploiting zero-day and known vulnerabilities.
Boundary devices offering firewall and remote access capabilities remain widely used by many organizations. But unless such appliances are rapidly patched, carefully locked down and also well-monitored, many pose a clear and present enterprise cybersecurity liability, a cyber insurer warns.
Russian military intelligence hackers are using an 18 month-old vulnerability in the Windows print spooler utility to deploy a custom tool that elevates privileges and steals credentials. Microsoft says it's seen post-compromise activities against Ukrainian, European and North American governments.
A nation-state threat actor gained access into an unclassified research and development network operated by MITRE, a non-profit that oversees key federal funded research and development centers for the U.S. government, the organization confirmed on Friday.
Half a dozen different botnets are prowling the internet for TP-Link-brand Wi-Fi routers unpatched since last summer with the goal of commandeering them into joining distributed denial-of-service attacks. Chinese router manufacture TP-Link in June patched a command injection vulnerability.
In the latest weekly update, ISMG editors discussed key insights on OT security from the Cyber Security for Critical Assets Summit in Houston, the implications of a critical Linux utility found to have a backdoor, and a CISO's perspective on comprehensive cloud security strategy.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.