Previous studies on IoT and OT devices have primarily focused on internal components, neglecting open-source components that are crucial for internet and network connectivity, according to Stanislav Dashevskyi and Francesco La Spina, security researchers at Forescout Technologies.
Software giant ConnectWise urged customers to promptly update critical vulnerabilities that could allow the execution of remote code or directly affect confidential data or critical systems. The two vulnerabilities stem from an authentication bypass weakness and path traversal flaw.
Bugcrowd received a $102 million venture capital investment to fuel strategic growth, the company announced Monday. "Our customers are outgunned and outmatched. They need to tap into all this creativity that exists within the hacker community," said company CEO Dave Gerry.
The novel variant of the banking Trojan Mispadu is targeting Latin American countries, especially Mexico, by exploiting a flaw in Windows SmartScreen. In this latest distribution method, the attackers send spam emails that deliver deceptive URL files that circumvent the SmartScreen banner warning.
Remote desktop application provider AnyDesk acknowledged that hackers recently had gained unauthorized access to the company's production systems in a cyberattack. The firm said it has revoked all security-related certificates as a precaution and is rolling out a new code-signing certificate.
Accenture has finalized its acquisition of U.K. tech consultancy firm 6point6, which specializes in cybersecurity, cloud and digital transformation solutions. The acquisition will add 6point6's 400 staffers to Accenture in support of its business in the U.K. market.
The European Central Bank beginning this month will conduct cyber stress tests on banks to determine their resilience against cyberattacks. The agency is requiring 109 banks in Europe to perform vulnerability assessments and incident response evaluations by mid-2024.
Marta Rybczyńska, technical program manager at Eclipse Foundation, discussed best practices for reporting vulnerabilities, adopting AI and bridging the gap between developers and security researchers to adhere to cybersecurity best practices for open-source software.
Vulnerability researcher Jesse Chick busted the tacit assumption that data centers are inherently more secure than other computing environments. Devices that are co-located in large data centers and those hosted on-premises share a lot of the same issues and vulnerabilities, he said.
As a legacy protocol, DICOM lacks proper security measures, and as the healthcare industry modernizes and moves to the cloud, there is a significant risk of patient data exposure, said Sina Yazdanmehr, a senior IT security consultant at Aplite.
Bugcrowd CEO Dave Gerry and Emily Ferdinando, vice president, marketing, highlighted the significance of tapping into the creativity of the ethical hacker community, combined with the expertise of internal security teams, to enable organizations to stay one step ahead of cyberthreats.
Open-source software is pervasive in healthcare. It is used in critical systems such as electronic health records and components contained in medical devices. Federal regulators are urging healthcare sector firms to be vigilant in managing risks and threats involving open-source software.
A recent spike in ransomware attacks has prompted federal regulators and the American Hospital Association to issue urgent warnings to hospitals and other healthcare firms to prevent potential exploitation of the Citrix Bleed software flaw affecting some NetScaler ADC and NetScaler Gateway devices.
Zombie APIs are becoming more common, just because of the sheer number APIs and third-party vendors that organizations rely on. Joshua Scott, head of information security and IT at API platform Postman, says businesses need to identify "what is critical to the business and map backward."