SecurityWeek
Lens Maker Hoya Scrambling to Restore Systems Following Cyberattack
Japanese lens maker Hoya says production processes and ordering systems were disrupted by a cyberattack.
The post Lens Maker Hoya Scrambling to Restore Systems Following Cyberattack appeared first on SecurityWeek.
Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz
Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization.
Cyberattack Causes Disruptions at Omni Hotels
Omni Hotels & Resorts tells customers that recent disruptions have been caused by a cyberattack that forced it to shut down systems.
US Cancer Center Data Breach Impacting 800,000
City of Hope is notifying 800,000 individuals of a data breach impacting their personal and health information.
Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems
A critical OS command injection in Progress Flowmon can be exploited to gain remote, unauthenticated access to the system.
Cloud Threat Detection Firm Permiso Raises $18 million
Cloud security firm provides a detection platform able to detect and predict the likely behavior of ‘bad’ identities.
SurveyLama Data Breach Impacts 4.4 Million Users
Data breach impacting users’ personal information prompts survey rewards platform SurveyLama to reset passwords.
Pixel Phone Zero-Days Exploited by Forensic Firms
Google this week patched two Pixel phone zero-day vulnerabilities actively exploited by forensic companies to obtain data from devices.
New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset
New HTTP/2 DoS method named Continuation Flood can pose a greater risk than Rapid Reset, which has been used for record-breaking attacks.
Microsoft’s Security Chickens Have Come Home to Roost
News analysis: SecurityWeek editor-at-large Ryan Naraine reads the CSRB report on China's audacious Microsoft Exchange Online hack and isn't at all surprised by the findings.
Zoom Paid Out $10 Million via Bug Bounty Program Since 2019
Video conferencing giant Zoom has paid out $10 million through its bug bounty program since it was launched in 2019.
Number of Chinese Devices in US Networks Growing Despite Bans
An analysis by Forescout shows 300,000 Chinese devices in the US, up 40% compared to the previous year, despite bans.
Know Your Audience When Speaking to Security Practitioners
How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises?
CVE and NVD – A Weak and Fractured Source of Vulnerability Truth
MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of all vulnerabilities. What went wrong, and what can be done?
Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity in Response to Chinese Hack
The Cyber Safety Review Board said “a cascade of errors” by Microsoft let state-backed Chinese cyber operators break into email accounts of senior U.S. officials.
Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites
A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information.
Missouri County Hit by Ransomware
Jackson County, Missouri, discloses ‘significant disruptions’ to IT systems, says ransomware attack likely at fault.
Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own
Google pushes a new Chrome update to patch another zero-day vulnerability demonstrated at a hacking contest.
XZ Utils Backdoor Attack Brings Another Similar Incident to Light
The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago.
Google Patches Exploited Pixel Vulnerabilities
Google patches 28 vulnerabilities in Android and 25 bugs in Pixel devices, including two flaws exploited in the wild.