Attention to anyone who manages a Microsoft Windows environment: Security researchers are tracking a zero-day vulnerability in Microsoft Office that's being actively exploited by attackers to run malicious code on a vulnerable system.
The U.S. Department of Justice has revised its policy on who it charges with violations under the Computer Fraud and Abuse Act. The DOJ now specifies that good-faith security research and researchers cannot be charged under the CFAA because they help improve cybersecurity standards.
An emergency directive from the U.S. Cybersecurity and Infrastructure Security Agency advises all federal agencies in the country to immediately patch and address two vulnerabilities - one with a critical CVSS score and the other with a high score - that affect at least five VMware products.
Across industrial sectors, limited asset visibility, reliance on manual processes and siloed data are three common factors that make it hard to effectively protect OT operations and streamline IT and OT vulnerability management & response.
In this live webinar, you'll get guidance from subject matter experts on...
The Five Eyes intelligence alliance has released a set of the 15 most routinely exploited vulnerabilities in the past year. Nine of the 15 vulnerabilities allow remote code execution, and the rest include privilege escalation, security bypass and path traversal, among other flaws.
As a security leader, you know that the way to align your vulnerability management program to support the business is to mitigate the vulnerabilities that have the biggest business impact. But that’s easier said than done. How do you discover and rate each vulnerability? How do you remediate them without disrupting...
Industrial organizations dealt with significant challenges in 2021. Cyberattacks on the Oldsmar, Florida water facility, Colonial Pipeline, and JBS, as well as the SolarWinds supply chain attack, propelled industrial cybersecurity to the national and global stage. Millions of people have woken up to the staggering...
When it comes to the need for strong industrial cybersecurity, many enterprises received a major wake-up call when NotPetya—widely regarded as the one of the costliest and most destructive cyber attacks in history—caused billions of dollars in damages and affected IT and OT environments alike. The importance of...
New Cobalt CEO Chris Manton-Jones plans to push upmarket and go after enterprise customers and leverage automation and self-service to accelerate product growth. He replaces founder Jacob Hansen, who had served as CEO since Cobalt's inception in 2013 and will remain with the firm as a board member.
Claroty’s Biannual ICS Risk & Vulnerability Report offers a comprehensive look at industrial control system (ICS) vulnerabilities publicly disclosed during the second half of 2021, including those found by Team82 and those found by affected vendors, independent security researchers, and experts inside other...
Sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers signed up with bug bounty platforms, which can no longer legally make payments. A researcher in Belarus says he's locked out from accessing $25,179 in his HackerOne account.
Building an effective vulnerability management program requires assessing your inventory to identify the critical, vulnerable, external- and internal-facing applications and applying internal controls to secure them, says John Sandiford, principal security architect at Verizon.
In a U.S. Senate hearing on Tuesday, the Apache Software Foundation and leaders from Cisco, Palo Alto Networks and The Atlantic Council discussed open-source software security, urging both government and private sector entities to recognize the breadth of the free-to-use software and adversaries' willingness to...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.