A company's Wi-Fi network is an ever-present target for attackers, and the range of risks, particularly in an era of pervasive IoT, continues to grow. Tracie Thompson of HackHunter says rogue access can be difficult to locate and remove.
The Senate Intelligence Committee's hearing about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered some questions about what went wrong but also raised four key issues.
The cybersecurity agencies of five countries have issued a joint advisory warning that hackers are exploiting vulnerabilities in the Accellion File Transfer Appliance to steal data and execute ransomware. Australia's Transport for New South Wales and Canada's Bombardier are the latest victims to be revealed.
The CEOs of SolarWinds, Microsoft, FireEye and CrowdStrike rolled out a series of cybersecurity recommendations to a U.S. Senate panel Tuesday while detailing how foreign actors gained access into their firms' systems as a result of the SolarWinds supply chain attack.
A previously undetected malware variant has infected almost 30,000 Apple Macs. So far, however, researchers have not seen the code, called Silver Sparrow, deliver any malicious payloads to these endpoints, according to a new report.
A newly-discovered phishing campaign posts harvested credentials using the Telegram messaging app's application programming interface to bypass secure email gateways, report researchers at the Cofense Phishing Defense Center.
Broken object level authorization, or BOLA, vulnerabilities are among the most common and worrisome weaknesses contained in dozens of mobile health applications used by patients and clinicians, posing security and privacy risks to health information, says cybersecurity researcher Alissa Knight.
Autonomous vehicle manufacturers are advised to adopt security-by-design models to mitigate cybersecurity risks, as artificial intelligence is susceptible to evasion and poisoning attacks, says a new ENISA report.
This edition of the ISMG Security Report features an analysis of the impact of a hacking campaign linked to Russia’s Sandworm that targeted companies using Centreon IT monitoring software. Also featured: a discussion of CIAM trends; a critique of Bloomberg's update on alleged Supermicro supply chain hack.
A remote code vulnerability in the Android version of the file-sharing app SHAREit could allow hackers to tamper with the app's permissions, enabling them to steal sensitive data, reports security firm Trend Micro.
Microsoft has patched a 12-year-old vulnerability in Microsoft Defender that, if exploited, could enable nonadministrative users to escalate privilege in the application. The patch was made after security firm SentinelOne recently notified Microsoft about the flaw.