Microsoft issued a patch for an actively exploited zero-day flaw in its latest Patch Tuesday security patch dump. The flaw allows hackers to elevate their system privileges. The update includes 63 other patches, including one other zero-day and three other critical vulnerabilities.
The United States hit Iran with a new round of sanctions after linking Tehran with the July cyberattack against Albania. The sanctions are more symbolic than material in effect but send a message that hacking U.S. allies has consequences.
In the latest "Proof of Concept," VP and CISO Nicole Darden Ford shares findings from Rockwell Automation's new survey report on cybersecurity preparedness in critical infrastructure, OT security gaps, the state of critical infrastructure, and insights into preparedness and best practices.
A recent survey sponsored by Rockwell Automation finds that critical infrastructure organizations miss basic protections for operational technology, with 80% failing to conduct frequent asset inventory audits, 63% lacking real-time threat monitoring and 42% needing effective patch management.
Calling all Apple users: It's time to once again patch your devices to protect them against two zero-day vulnerabilities that attackers are actively exploiting in the wild to take complete control of devices. While there's no need to panic, security experts advise moving quickly.
Hybrid war includes cyberattacks, critical infrastructure attacks and efforts to get information. Victoria Beckman, director of Microsoft's Digital Crimes Unit in the Americas, says Ukraine used a national cybersecurity strategy to withstand such attacks from Russia and so can other countries.
Security executives at Black Hat USA 2022 discuss the latest cybersecurity trends from confidential computing and unified threat hunting languages to attack surface management and recovery services, social engineering campaigns and blockchain vulnerabilities.
In this episode of "Cybersecurity Unplugged," Apiiro's Moshe Zioni, vice president of security research, discusses the company's "Secrets Insights 2022" report on the real-world risks of hardcoded secrets across the software supply chain and how to mitigate the potential damage they can cause.
More than two years after being notified of it, Microsoft issued a fix for a Microsoft Windows Support Diagnostic Tool vulnerability known as DogWalk. The fix is part of the operating system giant's newest Patch Tuesday dump, which includes patches for 141 flaws.
Virtualization giant VMware is warning users to immediately patch a range of its access and identity management products now that researchers have published proof of concept code for exploiting an authentication bypass. The company says it has yet to see in-the-wild attacks using the exploit.
This edition of the ISMG Security Report analyzes the latest ransomware trends from the European Union Agency for Cybersecurity, findings from the first-ever Cyber Safety Review Board on the Log4j incident, and how security and privacy leaders are harmonizing new U.S. privacy laws.
Big, bad bugs - including the likes of Heartbleed, BlueKeep and Drupalgeddon - never seem to burn out. Instead, they just slowly fade away, despite the risk that attackers will successfully exploit them to steal data, seize control of systems or deploy ransomware.
Atlassian released a patch for a critical vulnerability in its workspace collaboration tool Confluence stemming from hard-coded credentials. The Australian company found no evidence of exploitation of the flaw that allows remote, unauthenticated attackers access to vulnerable servers.
Researchers at BitSight say a common GPS tracker used in fleet management by organizations around the globe could be used by hackers to abruptly stop vehicles on highways or disable a car for ransom. Chinese manufacturer MiCODUS hasn't responded to researchers or U.S. officials.
Microsoft's July Patch Tuesday addresses 84 new security flaws. At the top of this month's "patch me first" list is CVE-2022-22047, a zero-day vulnerability that has been actively exploited in the wild. Also, Windows Autopatch rolls out this month.