Attackers are actively exploiting a flaw in Microsoft Windows for which no patch is yet available. Microsoft has issued workarounds and mitigations designed to block the zero-day attack for the flaw in the MSHTML browsing engine, which is being exploited via malicious Microsoft Office documents.
Researchers say a pro-China influence operation leveraging a network of fake social media accounts has expanded, promoting in-person protests and narratives around COVID-19 and U.S. domestic policy, according to Mandiant, which does not definitively attribute the activity to the Chinese government.
New Zealand's Computer Emergency Response Team says it is aware of ongoing distributed denial-of-service attacks that have disrupted services at several organizations in the country, including some financial institutions and the national postal service.
The U.S. SEC in a new advisory warns against schemes targeting digital assets. Security experts say that with social engineering attempts on the rise, individuals and organizations must defend against related scams and other "get rich quick" schemes.
Orchestration and automation have shifted from "nice to have" to "must-have" in the enterprise - particularly post-breach, says Christine Vanderpool, CISO at Florida Crystals Corp. She and Splunk's Ryan Kovar share insights and tips on how to get maximum value from these emerging technologies.
Google has identified three critical vulnerabilities affecting several Netgear smart switch products that, if exploited, give the attacker complete control over the compromised device. Netgear has issued a security advisory confirming that it has issued patches for 20 impacted products.
Cyberespionage breaches take longer to discover than financial breaches. One of the biggest clues to finding them lies in understanding suspicious network traffic. John Grim of the Verizon Threat Research Advisory Center shares insight from a new study of cyberespionage trends.
A Russian citizen, alleged to be working as a developer for the malware-spreading organization Trickbot, reportedly has been arrested at Seoul-Incheon International Airport. He was questioned by Korean authorities following an extradition request from the U.S.
Key challenges from the recent State of Cybersecurity 2021 report include "integrating risk with maturity and keeping up with industry trends," says Jenai Marinkovic, member of the ISACA Emerging Trends Working Group.
An Australian software engineer warns that he was able to create a fake digital COVID-19 vaccine certificate via the government's Express Medicare Plus app, and that the agency in charge has so far failed to acknowledge his bug report. He recommends Australia instead copy the EU's QR code system.
Ireland's cybercrime police, the Garda National Cyber Crime Bureau, have conducted a "significant disruption operation" targeting the IT infrastructure of a cybercrime group, seizing multiple domains used in a May ransomware attack that disrupted Ireland’s national health services provider.
SEC Consult reportedly found multiple vulnerabilities in Moxa devices used in critical infrastructures including railways, manufacturing, cellular and heavy industries. Moxa has confirmed patching 60 vulnerabilities in its latest firmware update and issued mitigation advice for discontinued devices.
Cisco has released an urgent software update to fix a critical authentication bug that can allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator.
Voip Unlimited and Voipfone, two Voice over Internet Protocol-based telecom companies in the U.K., report being victims of ongoing distributed denial-of-service attacks that have disrupted services.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.