Microsoft is shutting a couple of security holes, including one that has been a favored target of attackers for years and another that the enterprise software giant recently learned could be exploited to install a malicious package. At the same time, the federal government is now adding another Microsoft flaw to its list of known […]
Tens of thousands of applications that are critical to the operations of data centers around the globe are exposed to the internet, with many secured with default factory passwords, posing a significant cyber risk to enterprises worldwide. Researchers with cybersecurity firm Cyble this week said that along with the public-facing data center infrastructure management (DCIM) […]
Video conferencing vendor Zoom has seen its fortunes soar amid the remote work boom of the last two years, and other cloud collaboration platforms like Microsoft Teams and Cisco Webex have seen demand skyrocket too. The sharp increase in demand put a focus on security shortcomings in Zoom’s architecture – “Zoombombing” became a thing – […]
Microsoft in November fended off a massive distributed denial-of-service (DDoS) attack in its Azure cloud that officials said was the largest ever recorded, the latest in a wave of record attacks that washed over the IT industry in the second half of 2021. The enterprise software and cloud giant said in a blog post this […]
The Biden Administration is pushing federal agencies to adopt a zero-trust security architecture to protect themselves and their data from “increasingly sophisticated and persistent threat campaigns,” according to a new strategy issued this week by the Office of Management and Budget (OMB). According to the White House order, agencies have until the end of the […]
An easily exploited flaw in a program found in every major Linux distribution is the latest serious security issue that has arisen in the open-source space in recent weeks. Researchers at cybersecurity vendor Qualys this week disclosed the memory corruption vulnerability in polkit’s pkexec, which if exploited by a bad actor can enable an unprivileged […]
The U.S. government agency overseeing cybersecurity is urging the country’s businesses and other organizations to take the necessary steps to protect their networks from any spillover that might occur from the ongoing cyberattacks aimed at Ukraine government agencies and private companies. In an alert issued this week, the Cybersecurity and Infrastructure Security Agency (CISA) cited […]
Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase. According to a report by CrowdStrike, there was a 35 percent year-over year growth in 2021 of malware targeting these devices, and the XorDDoS, Mirai and Mozi […]
Security researchers are continuing to see state-supported hacking groups developing tools to leverage the high-profile Log4j vulnerability that exploded onto the scene last month even as the White House and other parts of the federal government look for ways to get ahead of the threat. Check Point Software’s researchers said this week that the Iran-backed […]
U.S. federal security agencies are putting companies on alert to potential threats from Russian state-sponsored cybercriminal groups, warning in particular about dangers to critical infrastructure and urging organizations to learn how to detect and protect against attacks. The joint cybersecurity advisory issued Jan. 11 by the FBI, National Security Agency (NSA) and Cybersecurity and Infrastructure […]
Subscribe to Cybersecurity Insider for top news, trends & analysis