A remote code execution (RCE) flaw found in Instagram that lets bad actors potentially take over a victim’s phone by sending a malicious image should provide the impetus for organizations to secure third-party apps as well as image files. Researchers from Check Point crashed Mozjpeg, open source software that Instagram uses as a decoder for…
Said Rep. Michael Gallagher, R-Wis., co-chair of the Cyber Solarium Commission: “The private sector is at the front lines of cybersecurity – the main effort. Right now, who do they look to in a crisis?”
The announcement hammers home earlier warnings from bug hunters and cybersecurity experts that attackers would quickly incorporate the flaw into new attacks.
The breach perpetrated by two “rogue employees” who worked on the e-commerce platform’s support team illustrates how certain roles within an organization may require more stringent monitoring.
The devastating Target breach – the result of an earlier attack on the retail giant’s HVAC vendor – wasn’t an anomaly. New research from BlueVoyant found that 92 percent of U.S. organizations suffered a breach in the past 12 months as a result of weakness in their supply chain. When four other countries (the U.K.,…
Google and its subsidiary Chronicle are rolling out new automated threat detection capabilities for its Google Cloud platform to help companies scale up security monitoring for their legacy systems. The product – called Chronicle Detect – has been in the works for some time and Google unveiled some details around certain components earlier this year…
Leaked documents, dubbed the “FinCEN Files,” describe global money laundering of $2 trillion processed by many of the world’s biggest banks between 2000 and 2017. The reveal illuminates the struggle for the financial industry and government to provide ironclad data protection. “This sensational and unprecedented leak clearly demonstrates a wide spectrum of data protection weaknesses…
For medical facilities, and any entity that delivers critical services, the situation places security teams on high alert: ensure adequate training for the workforce and some means of network redundancy or else risk similar tragedy or even potential liability.
Ransomware, insecure internet-facing systems and attacks against cloud-based services are among the top threats facing industry this year, according to new and recent threat intelligence reporting. The Q2 threat report released today by Rapid7 and detailing the latest tools and tactics used in cyber campaigns targeting the private sector, pegged the manufacturing sector as the…
It’s sometimes easier said than done to patch all critical vulnerabilities. There is a time and staffing issue, problems with shutting down critical services to perform updates, and concerns about patches disrupting services.
