The Linux Foundation and the Open Source Security Foundation have put forth a nearly $150 million investment plan, spread across two years, to strengthen open-source security in the U.S. The plan was announced at the Open Source Software Security Summit II in Washington, D.C., on Thursday.
Hundreds of thousands of Konica Minolta printers used in businesses have reportedly been vulnerable to three critical flaws since 2019. Although a patch was available, deployment was delayed as the firmware update required physical access to the printers and COVID-19 made that difficult.
Three of 74 vulnerabilities identified by Microsoft are "critical" as they exploit remote code execution with escalation of privileges. There are also updates for a new NTLM relay attack using an LSARPC flaw, tracked as CVE-2022-26925, which is a Windows LSA spoofing vulnerability.
The Five Eyes alliance of cybersecurity authorities from the U.S., U.K., Australia, New Zealand and Canada issued a warning to managed service providers about targeted attacks, advising MSP customers on how to protect sensitive data and reassess their security posture and contractual agreements.
In the latest "Troublemaker CISO" post, security director Ian Keller discusses the issue of supply chain security and whether you should disclose information about your supply chain to companies as part of the effort to secure it. His conclusion: Build your defenses and trust no one.
A hacking group called Lapsus$ caused major headaches for identity vendor Okta in March when it dropped incriminating but misleading screenshots of a security breach. Brett Winterford of Okta breaks down what happened and discusses why visibility into third-party support operations is important.
The U.S. National Institute of Standards and Technology has revised its guidance for organizations to counter supply chain risks. The new document addresses how to identify, assess and respond to cybersecurity risks throughout the supply chain at all levels of an organization.
The healthcare industry continues to be targeted by ransomware gangs, but there are efforts underway to help improve the health sector's information security resiliency. Errol Weiss of Health-ISAC says the industry as a whole lacks resources.
The Five Eyes intelligence alliance has released a set of the 15 most routinely exploited vulnerabilities in the past year. Nine of the 15 vulnerabilities allow remote code execution, and the rest include privilege escalation, security bypass and path traversal, among other flaws.
AWS has fixed "severe security issues" in hot patches it released last December to address the Log4Shell vulnerability in Java applications and containers. Palo Alto Networks' Unit 42 researchers said containers in server or cluster environments can exploit the patch to take over its underlying host.
VMware's Tom Kellermann is out with Modern Bank Heists 5.0, his latest look at the attackers and attacks targeting financial services. Subtitled "The Escalation," this report looks at the increase in destructive attacks, ransomware and hits on cryptocurrency exchanges. Kellermann shares insights.
Researchers at security firm ESET have found three vulnerabilities affecting Lenovo laptops worldwide and targeting users who work from home. Two of the flaws affect UEFI firmware drivers meant for use only during the manufacturing process of Lenovo notebooks, and one is a memory corruption bug.
During its January cyberattack, Lapsus$ accessed tenants and viewed applications such as Slack and Jira for only two Okta customers. The threat actor actively controlled a single workstation used by a Sitel support engineer for 25 consecutive minutes on Jan. 21, according to a forensic report.
Leon Ravenna, CISO of KAR Global, starts each day on the job with the expectation that this could be his last. That's how urgent cybersecurity has become, and it's in part why he's driven to dispatch the image of the CISO as the bureaucratic "Dr. No."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.
