Azure flaw exposes enterprise databases, raising questions on cloud security

The flaw dates back to 2019, when Microsoft added a data-visualization feature called Jupyter Notebook to the Cosmos DB, Wiz researchers said.

By David Jones • Aug. 30, 2021

More threats target Linux, a foundation for the cloud, report finds

As enterprises embrace cloud, malicious actors are finding sophisticated methods to threaten users for computing power and data theft. 

By David Jones • Aug. 25, 2021

Microsoft Exchange vulnerabilities targeted in ProxyShell attacks

Conti affiliates are now using ProxyShell exploits to target organizations during ransomware attacks, researchers found. 

By David Jones • Updated Sept. 7, 2021

Men more likely to engage in risky online behavior: report

Male employees are three times as likely to click on phishing emails, forget passwords or stream pirated content, SecurityAdvisor's research shows. 

By David Jones • Aug. 20, 2021

FDA warns of BlackBerry OS vulnerability in medical devices

The OS is often deployed in cardiac and patient monitors, drug infusion pumps, imaging, and surgical robots, according to the CEO of security consultancy Harbor Labs.

By Greg Slabodkin • Aug. 19, 2021

The most vulnerable ICS assets: operations management

A vulnerability's complexity is irrelevant if an exploit exists to sidestep security layers.

By Samantha Schwartz • Aug. 18, 2021

Up to 83M IoT devices at risk of remote access

With a risk score of 9.6 out of 10, the ThroughTek "Kalay" vulnerability could allow malicious actors to watch real-time video or gain access to credentials usable in future attacks.

By David Jones • Aug. 18, 2021

How much does phishing really cost the enterprise?

Ransomware and business email compromise are adding layers of risk, slowing productivity at U.S. companies.

By David Jones • Aug. 17, 2021

Researchers withholding vulnerabilities can create path to supply chain hacks

Bug bounty programs incentivize researchers to fully develop vulnerabilities by offering higher payouts. But that can create risk for the enterprise, Corellium's Matt Tait said.

By Samantha Schwartz • Aug. 5, 2021

Decade-old router flaw allows cross-network access, Tenable finds

Threat actors are actively exploiting the vulnerability, which impacts millions of devices across 11 countries and raises questions about the extent of undiscovered supply chain weaknesses.

By David Jones • Updated Aug. 10, 2021

A security expert's guide to the top-exploited vulnerabilities

The biggest and baddest ransomware groups love an easy vulnerability.

By Samantha Schwartz • Aug. 4, 2021

Security leaders don't control budgets, even with mounting threats

The majority of security leaders say their budget is insufficient to invest in the right technologies, research from LogRhythm and Ponemon Institute shows.

By Jen A. Miller • July 29, 2021

How 3 critical infrastructure security executives manage vulnerabilities

Assessment of risk and strategy depends on the technologies or services companies use for vulnerability alerts, according to executives during a Dragos webcast.

By Samantha Schwartz • July 26, 2021

Lack of visibility leaves critical infrastructure vulnerable to ransomware

Corporate executives approve massive payouts to attackers because they see few options to quickly restore business operations, according to security experts.

By David Jones • July 22, 2021

WFH shift tests resilience of financial services amid surge in phishing, ransomware

The Financial Stability Board warned the sector must remain vigilant amid new cyber risks and dependence on third-party technologies.

By David Jones • July 16, 2021

Failure to patch could unleash a real (print)nightmare

If the vulnerability remains unpatched, it's a ripe target for malicious actors to escalate privileges and the perfect ingredient for an exploit kit.

By Naomi Eide • Updated Aug. 11, 2021

Kaseya postpones service restoration, apologizes for attack

Outside engineers warned that Kaseya needs additional layers of protection as pre-existing vulnerabilities are revealed.

By David Jones • July 8, 2021

34% of health organizations hit by ransomware last year, report finds

Of those attacked, 65% said the cybercriminals were successful in encrypting their data, according to the report from cybersecurity company Sophos.

By Rebecca Pifer • June 30, 2021

Gaps in DOD supply chain leave Pentagon vulnerable: report

SMBs in the defense industry remain vulnerable to persistent threats, and research shows a large percentage are missing the security basics, including data storage security.

By David Jones • June 24, 2021

Legacy medical devices, growing hacker threats create perfect storm of cybersecurity risks

Hospitals are using more connected devices, many of which were not built with cybersecurity in mind, leaving healthcare organizations highly vulnerable to attacks.

By Greg Slabodkin • June 23, 2021

Attacks against container supply chains grow more sophisticated

Bad actors are finding novel methods of attacking cloud-native environments, raising new security challenges for developers. 

By David Jones • June 21, 2021

VPN exploitation rose in 2020, organizations slow to patch critical flaws

RDP and VPNs will remain a prime target for cybercriminals as remote and hybrid work continue, Trustwave said.

By Samantha Schwartz • June 18, 2021

Critical infrastructure sites face greater cyberthreat amid remote connectivity

Moody's warns oil, electric and other critical infrastructure providers are increasingly attractive targets for ransomware.

By David Jones • June 18, 2021

CISOs, CIOs see heightened mobile security threat amid shift to hybrid

Mobile devices are difficult to secure because of a combination of untrusted personal apps and data stored on the same device, one security expert said.

By David Jones • June 16, 2021

Patched Microsoft Teams vulnerability shows the delicacy of messaging platforms

A researcher said the patched vulnerability could have granted access to files in OneDrive and the ability to execute business email compromise.

By David Jones • June 15, 2021