Apple pushed out an emergency security update for two critical zero-day flaws that attackers are using to carry out memory corruption attacks on iPhone and iPad devices. The tech giant's latest patch addressed its third zero-day vulnerability this year.
Finance needs to secure login credentials for banking apps not covered by SSO. Marketing needs to share the Instagram login with the whole social media team. Developers need an easy way to access secrets – so they don't have to hardcode them into code.
How do you protect what you can't see? You start by making...
The healthcare sector should have plenty of experience responding to data security incidents and breaches, especially in light of the record number of breaches reported last year. But when leaders are dealing with an incident, response plans can go awry. Experts offer tips for avoiding mishaps.
Two critical vulnerabilities affecting all on-premises versions of TeamCity servers can result in authentication bypass and path traversal, enabling an attacker to gain administrative privileges for a server and take it over. Users should prioritize patching now that the exploit is public.
A cyber threat actor is shifting tactics from conventional malware delivery to a targeted focus on acquiring NT LAN Manager authentication information to potentially collect sensitive data and perform other malicious actions. The campaigns have targeted hundreds of organizations globally.
A new report from the Office of the National Cyber Director calls for the universal adoption of memory-safe programming languages, but experts warned ISMG the process of overhauling legacy information technology and high-impact code can be daunting, costly and risky.
North Korea's Lazarus hackers exploited a Windows AppLocker driver zero-day to gain kernel-level access and turn off security tools that could detect the group's bring-your-own-vulnerable-driver exploitation techniques. Microsoft fixed the bug in its February patch dump.
Previous studies on IoT and OT devices have primarily focused on internal components, neglecting open-source components that are crucial for internet and network connectivity, according to Stanislav Dashevskyi and Francesco La Spina, security researchers at Forescout Technologies.
Software giant ConnectWise urged customers to promptly update critical vulnerabilities that could allow the execution of remote code or directly affect confidential data or critical systems. The two vulnerabilities stem from an authentication bypass weakness and path traversal flaw.
Bugcrowd received a $102 million venture capital investment to fuel strategic growth, the company announced Monday. "Our customers are outgunned and outmatched. They need to tap into all this creativity that exists within the hacker community," said company CEO Dave Gerry.
The novel variant of the banking Trojan Mispadu is targeting Latin American countries, especially Mexico, by exploiting a flaw in Windows SmartScreen. In this latest distribution method, the attackers send spam emails that deliver deceptive URL files that circumvent the SmartScreen banner warning.
Remote desktop application provider AnyDesk acknowledged that hackers recently had gained unauthorized access to the company's production systems in a cyberattack. The firm said it has revoked all security-related certificates as a precaution and is rolling out a new code-signing certificate.
With cybersecurity risks continuing to grow in number and sophistication, Managed Service Providers responsible for managing clients' security must identify, prioritize, and remediate threats across their IT environments. MSPs can grow their business by running a network assessment for a prospect, showing them the...
Cybercriminals are constantly on the lookout for software vulnerabilities to exploit, and any single vulnerability can grant them access to a network. As a Managed Service Provider, choosing the right vulnerability management solution creates opportunities to develop new and recurring revenue streams, and...
Vulnerability Management is becoming more difficult than ever.
As the attack surface has grown, the security industry has become obsessed with detecting every possible vulnerability. Our ability to address these vulnerabilities hasn’t kept pace with the millions of vulnerabilities from dozens of sources found in...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.
