Federal authorities warn that hackers could take over genetic testing devices manufactured by Illumina, although neither the manufacturer nor the Food and Drug Administration has received reports of attacks. The vulnerabilities affect Illumina's Universal Copy Service software.
OT attacks have doubled. Mark Cristiano, global commercial director of cybersecurity services at Rockwell Automation, discusses how organizations can develop a strategic approach to OT security that aligns with their risk profile, cyber maturity and ability to absorb change.
Nurse call systems present a top cybersecurity risk in clinical environments, but so do an array of other similarly connected nonmedical devices commonly found in healthcare settings, says a new research study by security vendor Armis.
Threat actors are exploiting Kubernetes Role-Based Access Control in the wild to create backdoors and to run cryptocurrency miners. Researchers observed a recent campaign that targeted at least 60 Kubernetes clusters by deploying DaemonSets to hijack and steal resources from the victims' clusters.
A North Korean backdoor targeting Linux desktop users shares infrastructure with the hacking group behind the 3CX software supply chain hack. Cybersecurity firm Eset analyzed the backdoor and connected it with a Pyongyang fake job recruiting campaign generally known as Operation Dream Job.
EDR has been in existence for years, but many organizations still fail to address known vulnerabilities, and struggle with how to create a solid endpoint security strategy, said Romanus Prabhu Raymond, director of product support at ManageEngine.
Sanitize IT gear before decommissioning is well-trod cybersecurity advice given to corporations everywhere and yet many persist in disposing of equipment still laden with sensitive data. Cybersecurity firm Eset says it found a wealth of corporate data on secondhand routers.
An Iranian state hacking group shifted from espionage to direct targeting of U.S. critical infrastructure - a likely indicator of newfound aggression by the national security apparatus, says Microsoft. One sign of Iran's new intensity is quicker uptake of exploits of newly disclosed vulnerabilities.
The FDA's new cybersecurity policy is a "watershed moment" for the industry, says Kevin Fu of Northeastern University. The agency will soon begin rejecting manufacturers' new medical device submissions that lack detailed cybersecurity measures, which will help ensure uniformity, he says.
Apple users: Don't fear newly discovered samples of LockBit ransomware designed to target newer macOS devices. Researchers say the still-in-development code, tied to no known in-the-wild attacks, contains numerous errors, leaving it unable to execute.
A new Food and Drug Administration policy to "refuse to accept" premarket submissions for new medical devices if they lack of cybersecurity details will help substantially improve the state of legacy devices in the future, said the FDA's Dr. Suzanne Schwartz. Here's a look at the new requirements.
Most healthcare organizations allocate 6% or less of their information technology budget for cybersecurity, putting them at a disadvantage in their security defenses and for competitive hiring, according to a recent survey by the Healthcare Information Management Systems Society.
Members of a European Parliament committee heard Thursday an assessment warning them that a bill intended to fight child sexual abuse material would instead weaken online security. The Child Sexual Abuse Material proposal faces a barrage of opposition from industry and civil liberty groups.
Cybersecurity authorities issued a road map Thursday detailing how software manufacturers should go about baking security into their design processes. The document details how manufacturers should adjust their design and development programs to ensure software is secure.
Microsoft has issued fixes for 114 vulnerabilities, including patching a zero-day flaw being actively exploited by a ransomware group and updating guidance to block a vulnerability from 2013 that was recently exploited for the software supply chain attack on 3CX users, attributed to North Korea.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.