Click2Gov municipal payment portals for eight U.S. cities were compromised after an apparent vulnerability in the software. More than 20,000 stolen payment card records have turned up in underground markets, says Gemini Advisory.
Two years after WannaCry wreaked havoc via flaws in SMB_v1 and three years after Mirai infected internet of things devices en masse via default credentials, attackers are increasingly targeting the same flaws, security experts warn.
As part of its September Patch Tuesday security update, Microsoft issued software fixes for two vulnerabilities in several versions of Windows that it says are being exploited by attackers in the wild. Security experts are urging IT teams to quickly patch these flaws.
Email server alert: Linux and Unix administrators should immediately patch a remotely exploitable flaw in Exim, one of the world's most-used message transfer agents, security experts warn. Attackers could abuse the flaw to deliver ransomware, spy on or spoof emails and possibly also take down cloud services.
Every week seems to bring a fresh installment of "patch or perish." But security experts warn that patch management, or the larger question of vulnerability management, must be part of a much bigger-picture approach to managing risk. And the challenge continues to get more complex.
A new weaponized proof-of-concept exploit for the BlueKeep vulnerability in Windows has been released by researchers at Rapid7 and Metasploit in an effort to help create a sense of urgency to patch the flaw.
A hacking group known as APT5 - believed to be affiliated with the Chinese government - has been targeting serious flaws in Pulse Secure and Fortinet SSL VPNs for more than six weeks, security experts warn. Exploiting the flaws could enable attackers to gain full, remote access to targeted networks.
Modular malware is targeting India's critical infrastructure in a manner that's extremely difficult to detect, says Prayukth K.V. of Subex Ltd., a telecom solutions provider that has released a new report on the threat.
Overwhelmed by the number of vulnerabilities your team faces? Uncertain which cyber threats pose the greatest risk to your business? You're not alone. Cybersecurity leaders have been grappling with these challenges for years - and the problem keeps getting worse.
On average, enterprises find 870 vulnerabilities per...
The latest edition of the ISMG Security Report offers an analysis of how French cyber police disrupted a cryptomining malware gang. Also featured: Apple's botched patching of a jailbreaking vulnerability; an industry veteran's insights on battling payment card fraud.
In a series of recent attacks attributed to the umbrella criminal group known as Magecart, malicious JavaScript code was injected into over 80 e-commerce websites to steal credit card and other customer data, according to a new report from the security firm Arxan, which highlights the sites' vulnerabilities.
Apple released a patch on Monday that fixes a bug it accidentally reintroduced in a previous patch update. The flaw allowed iOS enthusiasts to jailbreak their up-to-date devices, but also could have been put to malicious use by hackers.
Significant security events have many techniques in common, says Chris Hallenbeck of Tanium, who describes why security hygiene improvement, especially patch management, is so essential.
Patch or perish redux: Hackers are unleashing automated attacks to find and exploit known flaws in SSL VPNs manufactured by Fortinet and Pulse Secure to steal passwords. The exploits come despite both vendors having released patches several months ago - Pulse Secure in April, Fortinet in May.
Progressive companies seeking to improve their security are increasingly adopting bug bounty programs. The theory is that rewarding outside researchers improves security outcomes. But in practice, bug bounty programs can be messy and actually create perverse incentives, says bug-hunting expert Katie Moussouris.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.
