Displaying items by tag: Vulnerability

iTWireTV: Special guest Qualys CEO Sumedh Thakar tells us about the company's new cloud-based Risk Operations Centre, or ROC.

Cybersecurity platform KnowBe4 has released its Q3 2024 Phishing Report findings revealing that HR and IT-related phishing emails claim a significant 48.6% share of top-clicked phishing types globally.

Many security experts say a breach is only a matter of "when" not "if". Imagine the sinking feeling of finding out your company has been compromised in this way. However, you can be proactive in defending yourself, and Qualys CTSO and VP solutions architect EMEA and APAC Richard Sorosina brings practical advice to help.

Google has issued a patch for the fifth zero-day flaw in its Chrome browser this year, preventing attackers from executing malicious code on users' devices.

COMPANY NEWS:

• Elevation of Privilege is the top vulnerability category for the fourth year running, accounting for 40% of all Microsoft vulnerabilities in 2023
• Total vulnerabilities maintain 4-year holding pattern near record highs

GUEST RESEARCH: As the healthcare sector moves to digitise processes and data there is an increase in adoption of technology in the workplace, challenging IT professionals to manage diverse portfolios of devices and significant security concerns. New global research from SOTI, The Technology Lifeline: Charting Digital Progress in Healthcare, highlights the scale of security risks, with 78% of global healthcare providers offering frontline services experiencing at least one data breach since 2021.

IThe Imperva Red Team recently discovered a vulnerability in TikTok that could allow attackers to monitor users' activity on both mobile and desktop devices.

The ‘covered list’ contains equipment and services deemed to pose an unacceptable risk to the national security of the United States and should be removed from any government infrastructure.

GUEST RESEARCH: Rapid7, Inc. today announced the release of its latest Vulnerability Intelligence Report examining 50 of the most notable security vulnerabilities and high-impact cyberattacks in 2022.

GUEST RESEARCH: Rapid7, Inc. today announced the release of its latest Vulnerability Intelligence Report examining 50 of the most notable security vulnerabilities and high-impact cyberattacks in 2022.

GUEST INTERVIEW: We live in a time of cyber war, with businesses under constant attack, with ransomware running riot, with COVID providing chaos and cover for cyber criminals to extort and blackmail, but the bad guys aren't the only ones on the playing field: Secureworks and other security firms are working hard to fight back to keep businesses and individuals protected.

Apple has pushed out a second update to iOS 15 and iPadOS 15 less than two weeks after the first, which in turn arrived less than a fortnight after the debut of the latest versions of Apple's mobile operating systems. watchOS 8 has also been updated.

Claroty security researchers have disclosed three vulnerabilities in Honeywell's Experion PKS distributed content system which permit an attacker to execute malicious code, disrupt business processes, and perform denial of service attacks. Honeywell has issued patches.

GitHub today announced its suite of supply chain features is now available for the Go programming language. This includes the GitHub security database with over 150 Go advisories, Dependabot alerts and updates, and dependency graph which provides information to alert for vulnerable dependencies.

McAfee's Enterprise Advanced Threat Research (ATR) team have released a vulnerability disclosure for the Peloton Bike+ to gain remote access to the bike's tablet, camera, microphone and personal data - how did they do it? 

Although it has just been over three weeks since the last updates for the iPhone, iPad and Apple Watch, and in the last update, Apple TV's tvOS too, another update is out to defeat this vulnerability which "may have been actively exploited."

The number of APT groups "exploiting the latest Exchange vulnerabilities grows, with thousands of email servers under siege" according to security company ESET.

A memory corruption issue that could see maliciously crafted web content being processed may lead to arbitrary code execution on all those platforms has seen an update being made available today.

Microsoft has released an additional patch to fix the Zerologon vulnerability that surfaced last year, having first issued a patch for the flaw in August 2020 and then updated it the following month.

GUEST OPINION: Reports suggest that cyber criminals have been more active than ever during the global pandemic, seeing the state of general upheaval as an opportunity to evolve and find new attack vectors.