Researchers at Eclypsium have revealed new details concerning a significant flaw in Intel's PMx driver, which they say could give attackers "near-omnipotent" control over devices. Intel has released an updated version of the driver, a key step in mitigating risks.
Now that security researchers have located the first exploits that take advantage of the BlueKeep vulnerability in Windows, Microsoft is warning users to apply patches the company issued for this flaw before more dangerous exploits merge.
Two new security incidents demonstrate how easily millions of customer records can be exposed. Researchers found an unsecured database containing records of customers of Adobe Creative Cloud. And Italy's UniCredit bank announced a "data incident" that exposed a file containing customer records.
A security researcher has uncovered what may rank as one of the most significant iOS weaknesses ever discovered: a flaw that enables bypassing the security protections present in most Apple mobile devices. While the vulnerability can't be patched, an attacker would need physical access to exploit it.
The U.S. electric grid is growing increasingly vulnerable to cyberattacks from countries such as Russia, and a well carried out attack on the grid could cause widespread power outages, according to a new GAO audit. Industrial control systems are particularly vulnerable.
The crypotmining botnet Smominru, which has been around since at least 2017, has resurfaced with a new campaign that has infected 90,000 devices worldwide, including in the U.S., China and Russia, according to security analysts at Guardicore.
Earlier this year, intruders probed weaknesses in the network firewalls of a U.S. power utility to attempt a distributed denial-of-service attack, but there was no disruption in electricity service, according a recently released report. The incident illustrates potential weaknesses in the power grid.
A new weaponized proof-of-concept exploit for the BlueKeep vulnerability in Windows has been released by researchers at Rapid7 and Metasploit in an effort to help create a sense of urgency to patch the flaw.
Bills now being considered in the Congress would make the Department of Homeland Security's Continuous Diagnostics and Mitigation Program available to all federal agencies and provide services to state and local governments to help them address cybersecurity challenges.
Within a month, the U.S. Department of Homeland Security hopes to launch a program to help states protect voter registration databases and systems in advance of the 2020 presidential election. Security experts say that in light of recent ransomware attacks against units of government, the effort is overdue.
Patch or perish redux: Hackers are unleashing automated attacks to find and exploit known flaws in SSL VPNs manufactured by Fortinet and Pulse Secure to steal passwords. The exploits come despite both vendors having released patches several months ago - Pulse Secure in April, Fortinet in May.
Ransomware-wielding attackers continue to target not just big businesses and large government agencies, but increasingly their smaller counterparts too. In Texas, officials say a campaign tied to a "single threat actor" infected 22 local government agencies on Friday.
Progressive companies seeking to improve their security are increasingly adopting bug bounty programs. The theory is that rewarding outside researchers improves security outcomes. But in practice, bug bounty programs can be messy and actually create perverse incentives, says bug-hunting expert Katie Moussouris.