Security researchers have found yet another unsecured database that left personal data exposed to the internet. In this latest case, a MongoDB database containing about 188 million records, mostly culled from websites and search engines, was exposed, researchers say.
Researchers at the security firm Tenable uncovered a vulnerability in a Siemens software platform used to manage industrial control systems, and Siemens has issued a patch. The same platform was exploited during the Stuxnet attack a decade ago.
Sophos is the latest security firm to create a proof-of-concept exploit for the BlueKeep vulnerability in older versions of Windows. The company echoed several government agencies that have urged businesses to patch their devices.
Cloudflare was unsparing in its criticism of Verizon over a BGP snafu that hampered 15 percent of its global traffic, as well as traffic of Amazon and Google. Verizon's error underscores that much heavy lifting remains to make critical internet infrastructure secure.
Hackers have repeatedly stolen valuable data - including launch codes and flight trajectories for spacecraft - from NASA's Jet Propulsion Laboratory in recent years, according to a new inspector general audit, which describes weak security practices.
Bug bounty myths: All such programs must be public, run nonstop, pay cash to bug-spotters and allow anyone to join. But HackerOne's Laurie Mercer says such programs often run as private, invitation-only and time-limited endeavors, sometimes offering only swag or public recognition.
Upgrading to a new OS can be a significant headache for IT teams, taking
up a lot of man-hours and IT budgets. Since there is no automatic in-place
upgrade to transition from Win7's 32-bit to Win10's 64-bit version, the
migration process can be extremely time-consuming - involving multiple
manual steps that can...
A security researcher has posted a demonstration showing how an attacker could exploit the BlueKeep vulnerability to take over a Windows device in a matter of seconds. Meanwhile, the NSA has joined Microsoft in urging users to patch devices before an attacker takes advantage of this vulnerability.
Microsoft has taken the unusual step of issuing a second warning about BlueKeep, a vulnerability that, if left unpatched, could allow an attacker to use a worm-like exploit to take over devices running older Windows operating systems. Security researchers warn that exploits are coming.
A security researcher warns that nearly 1 million devices running older versions of Microsoft Windows remain vulnerable to a recently discovered flaw in Microsoft's Remote Desktop Protocol service that could enable attackers to use a worm-like exploit to take over unpatched machines.
Multiple flaws - all serious, exploitable and some already being actively exploited - came to light last week. Big names - including Cisco, Facebook, Intel and Microsoft - build the software and hardware at risk. And fixes for some of the flaws are not yet available. Is this cybersecurity's new normal?
Microsoft has taken the extraordinary step of issuing patches for its old XP, Windows 2003, Windows 7 and Windows Server 2008 operating systems. The problem is an easy-to-exploit Remote Desktop Services vulnerability that could be turned into a worm.
Every organization has systems that can't be secured well enough - perhaps because they can't be patched in a timely manner, can't provide data for monitoring, or aren't compatible with standard security tools. When unsecurable systems support mission-critical processes or hold valuable data, cyberattackers are adept...
Here's free software built by the National Security Agency called Ghidra that reverse-engineers binary application files - all you have to do is install it on your system. So went the pitch from the NSA's Rob Joyce at this year's "Get Your Free NSA Reverse Engineering Tool" presentation at RSA Conference 2019.
The problem: growing adoption of interconnected technologies is stretching capabilities of existing public key infrasructures (PKIs) and driving the need to stand-up new ones.
The challenge here is maintaining a strong root of trust across the enterprise PKI that fulfills the operational demands of more...