The security training authority has confirmed to SC Media that an employee was tricked into downloading malicious code, which then caused emails to be automatically forwarded to the attacker.
With its latest regularly scheduled security update, Microsoft has fixed 120 software vulnerabilities, including 17 critical flaws, one of which is a zero-day bug that has been actively exploited in the wild. Microsoft this year has already eclipsed the total number of patches it issued during all of 2019 — a pace that experts at…
For the August edition of Patch Tuesday, Adobe Systems today supplied fixes for 26 vulnerabilities — 11 critical — in Acrobat and Reader and one in its image organization and manipulation software Lightroom Classic. Nine of the 11 critical flaws can result in arbitrary code execution. Two are caused by out-of-bounds write conditions (CVE-2020-9693, CVE-2020-9694), five are…
The 20 GB data leak shines a spotlight on the need for adequate security standards when working with a network of partners.
Garmin reportedly paid cyber extortionists millions of dollars for access to a decryptor so that the company could restore its services to customers following a July 23 WastedLocker ransomware attack. Meanwhile, a separate ransomware outfit this week reportedly leaked sensitive data lifted from LG and Xerox’s internal networks after attempted negotiations with the two tech…
Strapped for cybersecurity resources, small and medium-size health care providers should outsource electronic medical record (EMR) maintenance, Payment Card Industry (PCI) compliance and threat intelligence gathering to third-party service providers, but risk assessment must still be handled internally, according to Mitchell Parker, CISO at Indiana University Health. Lamenting the recent scourge of ransomware and data…
Prosecutors dropped felony criminal charges against a pair of ethical pen testers arrested while assessing the security of an Iowa courthouse. But the the two men are not ready move on just yet. Coalfire employees Gary DeMercurio, managing senior, and Justin Wynn, senior security consultant, lobbied Wednesday at the virtual Black Hat conference for a…
Social media companies have started to become more efficient at recognizing and taking down fake accounts designed to spread fake news and propaganda. But operators of traditional media websites and other digital platforms that regularly publish vital news information to the public may also want to train themselves be on the lookout for disinformation secretly…
Adobe this week released a security update fixing four vulnerabilities – two critical – in its Magento Commerce 2 and Magento Open Source 2 e-commerce platforms. The two most significant bugs are identified as a path traversal flaw (CVE-2020-9689) and a Security Mitigation bypass (CVE-2020-9692), both of which can result in arbitrary code execution. The first issue is credited was reported by…
As user organizations move more of their business infrastructure off premises, cybercriminals become increasingly motivated to target Linux-based cloud environments, including Docker servers with misconfigured API ports. And while cryptojacking schemes comprise some of the more conventional varieties of these Linux-based malware attacks, researchers have just disclosed the discovery of a Docker container attack that…
