The National Security Agency (NSA) has released guidelines to help organizations mitigate cloud vulnerabilities. The NSA document includes four classes of vulnerabilities at most risk to threat actors.
Cyber criminals are targeting vulnerable software and gaps in managed service providers' (MSP) security systems to distribute Sodin ransomware.
Quest Diagnostics has confirmed an unauthorized user gained access to a third party billing service system to potentially access personal data on nearly 12 million patients.
A new security report highlights some of the risks organizations face when moving to the cloud and potential configuration vulnerabilities.
Security researchers from Trend Micro have uncovered a Magecart skimming attack that targeted 201 online campus stores in the United States and Canada.
Cybercrime investigative journalist Brian Krebs reports the Indian IT outsourcing and consulting company Wipro has been hacked. Multiple sources had informed Krebs that attackers breached Wipro's internal IT systems and then used those systems to then launch attacks against Wipro's customers.
Cyber attackers have hijacked ASUS Live Update and downloaded a back-doored version to thousands of ASUS PCs last year. The utility is pre-installed on most ASUS computers and is used to keep ASUS PCs up-to-date with latest firmware, drivers and applications.
A government report revealed that the Federal Emergency Management Agency (FEMA) did not safeguard disaster survivor's personal data on up to 2.3 million people. FEMA shared the sensitive personally identifiable information (SPII) with a third party.
Drupal has released a critical security update to address a vulnerability in Drupal 7.x, 8.5.x and 8.6.x. The vulnerability is rated critical and impacts third party libraries.
The National Institute of Standards and Technology (NIST) has released a new risk management framework guideline. NIST has named the document Security Publication (SP) 800-37 Rev. 2: "Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy."