Newly discovered microarchitectural data sampling flaws in Intel processors - collectively dubbed "ZombieLoad" - could be exploited to steal private data from PCs and servers, including shared cloud environments. Intel, Microsoft, Apple and others have begun to ship patches designed to help mitigate the problems.
Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward.
The latest edition of the ISMG Security Report analyzes the FBI takedown of DeepDotWeb, a dark net portal. Also featured are discussions on healthcare app security and the repercussions of poor coding security.
A Chinese hacking group was using exploits and tools developed by the NSA months before the tools were released by another group, Symantec says in a new report. The surprising report deepens the mystery around an extraordinary situation in which the U.S.'s most effective cyberweapons were compromised.
With today's challenges from an increasingly hostile threat landscape, combined with a lack of people, expertise, and budget, organizations are driving toward optimizing their SIEM and SOAR solutions in order to get the highest return their investment. Of the greatest areas of unmet need with SIEM and SOAR solutions,...
New exploits released online that target long-known configuration weaknesses in SAP's NetWeaver platform could pose risks to payroll, invoicing and manufacturing processes, according to researchers at Onapsis. As many as 50,000 companies could be vulnerable.
JustDial had a second major leak of user information, claims an independent security researcher who earlier this month said he discovered a security loophole in the Mumbai-based hyperlocal search engine. But the company says it has fixed this second vulnerability.
Docker, which offers an open source container platform, is notifying users that an intruder briefly had access to sensitive data from 190,000 Docker Hub accounts, or less than 5 percent of Hub users. But the breach has caused a collective gasp because it potentially magnifies risks for enterprises.
Facebook has fixed a security vulnerability in its digital marketplace that could have been abused to identify the precise location of a seller, and by extension, their goods. Police warn that thieves regularly trawl location data to find the owners and locations of high-value items.
Four unprotected application program interfaces for JustDial, a local search engine in India, are leaking the personally identifiable information of its more than 100 million customers in real time, says an independent security researcher who discovered the vulnerability.
When it comes to browser security, one mistake made by consumers and enterprise alike is that they see the browser as a one-way window into the internet. The reality is quite different - and potentially costly if overlooked, says Pieter Arntz of Malwarebytes.
The latest edition of the ISMG Security Report features an update on a congressional report that slams Equifax for lacking a strong cybersecurity culture. Also featured: A new study on the status of women in the cybersecurity industry and the use of Android phones as security keys.
Ex-black hat Alissa Knight recently joined Aite Group's new cybersecurity practice, and among her first tasks: a hard look at the security of major financial institutions' mobile banking apps. The results may surprise you.
Multi-stage attacks use diverse and distributed methods to circumvent existing defenses and evade detection - spanning endpoints, networks, email and other vectors in an attempt to land and expand. Meanwhile, individual tools including DLP, EDR, CASBs, email security and advanced threat protection are only designed to...