Seven vulnerabilities - including one rated critical and five high-severity - in Schneider Electric's EVlink products have been patched, according to security researcher Tony Nasr. Exploitation of the vulnerabilities would allow attackers to manipulate configurations and settings.
In the U.S., three states now have disparate data privacy laws - and more are coming. Meanwhile, China has enacted a new law that has global enterprises scrambling. How will these and other actions shape privacy discussions in 2022? Noted attorney Lisa Sotto shares insights.
Another Log4j patch has been released by the Apache Software Foundation, the nonprofit supporting Apache's open-source software projects. Its Log4j version 2.17.1 fixes a newly disclosed remote code execution vulnerability tracked as CVE-2021-44832.
U.S. President Joe Biden on Monday signed into law the National Defense Authorization Act for fiscal year 2022, which contains $768 billion in defense spending - 5% more than 2021 - and several cybersecurity provisions, including expansion of the Cybersecurity and Infrastructure Security Agency.
On the cusp of 2022, John Kindervag - the father of the Zero Trust security model - reflects on how the Zero Trust dialogue has evolved in 2021 and makes his New Year's predictions. Will the president's executive order be an accelerator or an anchor? Which myths are ripe to be busted?
SentinelLabs researchers say the new ransomware group Rook used the Babuk APT group's leaked source code to attack financial institutions in Kazakhstan. They warn that Rook is the first of many new ransomware groups that could deploy targeted attacks with Babuk's code.
Microsoft's Azure App Service had a security flaw, which researchers call "NotLegit," that kept your Local Git repository publicly accessible, according to a security blog from Wiz.io. The source code of customer applications written in Java, Node, PHP, Python and Ruby was exposed for four years.
As ransomware attacks continue to pose a significant threat to enterprises and individuals, "We will keep banging the message that basic cyber hygiene makes a big difference to lots of people," says Andy Bates of the Global Cyber Alliance. He also discusses the alliance's top priorities for 2022.
Internet-based photo-sharing and publishing company Shutterfly says a ransomware attack has disrupted some its operations. The company is currently assessing the full scope of damage, but says no financial account information or Social Security numbers have been leaked.
Security researchers have discovered two severe vulnerabilities in a popular WordPress SEO plug-ins used by more than 3 million website owners. If left unpatched, the vulnerabilities could enable an attacker to take advantage of a privilege-escalation bug and an SQL-injection problem.
French IT services firm Inetum Group has confirmed that it was the subject of a ransomware attack last week that disrupted certain operations. The group has ruled out, however, that the incident has any links to the Log4j vulnerability.
As Russia masses troops on its border with Ukraine, the White House says Russian disinformation campaigns have been aimed at destabilizing Ukraine's government, while experts have seen a surge in "cyber intrusions" against infrastructure, banking and government targets in advance of a potential invasion.
Lisa Sotto, partner and chair of the global privacy and cybersecurity practice at Hunton Andrews Kurth LLP, joins three ISMG editors to discuss important cybersecurity and privacy issues, including how U.S. enterprises are harmonizing three disparate privacy laws, and ransomware preparedness.
The latest edition of the ISMG Security Report features an analysis of the most recent developments in the Log4j security flaw crisis, ransomware-era incident response essentials and what to expect from cybersecurity in 2022.
Microsoft Teams' link preview feature contains four vulnerabilities that allow attackers to access internal Microsoft services, spoof the link preview and - for Android users - leak their IP address and use DoS attacks against their Teams app/channels. Three of the four flaws remain unpatched.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.