CISA, the FBI and the U.S. Coast Guard Cyber Command warn users of Zoho Corp.'s single sign-on and password management tool to patch for a vulnerability that nation-state groups may look to exploit. Attackers could use the bug to compromise credentials and exfiltrate data from Active Directory.
The latest edition of the ISMG Security Report features an analysis of the state of the Biden administration's efforts to disrupt ransomware attackers, as well as how a newly patched Apple iMessage flaw was being targeted by Pegasus spyware to effect zero-click exploits.
Regarding the recent tactical innovation by the Grief ransomware gang that is threatening to wipe a victim's data and decryption key if the victim engages a ransom negotiator, analysts are calling this a desperate ploy to scare a target into paying the ransom demand.
Tammy Klotz took on a new job at a new company and even in a new state in 2020 - and she was charged with both establishing herself and raising the firm's cybersecurity posture. No challenge during a global pandemic, right? Here is how she has begun to pave her way.
A pair of House committees this week said they want to spend additional millions on cybersecurity by injecting funds into CISA and the FTC, as part of the debate over the Biden administration's $3.5 trillion budget proposal for 2022. Part of the money would help fulfill Biden's executive order.
Three former U.S. Intelligence Community and military personnel have agreed to pay more than $1.68 million to settle federal charges for providing hacking-related services to the United Arab Emirates, according to the U.S. Department of Justice.
Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.
A cloud access security broker, usually referred to as a CASB, offers a security gateway between your company’s IT infrastructure and that of a cloud provider. It is a critical tool organizations can use to holistically secure an organization from endpoint to cloud.
Microsoft's September Patch Tuesday security update covers 61 vulnerabilities, with four rated critical. These include a fix for the critical MSHTML Vulnerability Microsoft revealed last week and patches to a Windows scripting engine flaw and a Windows DNS flaw.
An unsecured database belonging to an apparently recently defunct firm exposed 61 million records of wearable health and fitness device users on the internet, say the security researchers who discovered the non-password-protected database in cooperation with the WebsitePlanet research team.
A recently patched flaw in a mobile app allowing N.Y. residents to acquire and store a COVID-19 vaccine credential did not validate user input properly and stored forged verifications, according to security researchers. Experts say similar flaws could have dire consequences.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.