A security researcher has found a significant flaw all versions of Docker, an open source container platform, that can give attackers read and write access to all the files within the host system, allowing them to execute arbitrary code. As of now, there's no patch available.
Chinese telecom giant Huawei has taken another legal step in its effort to overturn a ban on U.S. government agencies buying its telecom equipment and services.
Reports that the city of Baltimore was attacked using a vulnerability in Windows originally stockpiled by the National Security Agency have triggered a blame game. Cybersecurity watchers are debating attacker culpability, patch management prowess and zero-day stockpiling.
A security researcher warns that nearly 1 million devices running older versions of Microsoft Windows remain vulnerable to a recently discovered flaw in Microsoft's Remote Desktop Protocol service that could enable attackers to use a worm-like exploit to take over unpatched machines.
Unified endpoint management (UEM) exists because devices have grown in number, variety and complexity of how they're being used in the workplace. So how should IT & Security leaders approach UEM?
Download this exclusive eBook on UEM ROI and learn about:
The emergence of the UEM market;
Top questions security...
The U.S. Commerce Department will offer a 90-day reprieve to a handful of companies that conduct business with Huawei before the Trump administration's ban on the use of the Chinese company's technologies fully kicks in, the Wall Street Journal reports. Meanwhile, Google announces it will continue to work with Huawei.
End point detection and response (EDR) implementation can be a time-consuming process that requires specialized skills. But it generates finely detailed technical data about every aspect of an end point, which helps in enhancing security. Although deploying EDR could be impractical for organizations that have small IT...
The Department of Homeland Security is warning that Chinese-made drones could be sending sensitive data back to their manufacturers, where it can be accessed by the government, according to news reports.
After the Trump administration last week blacklisted Huawei amid rising trade tensions, Google says it has canceled the Chinese smartphone giant's Android license. Many chipmakers and other technology firms have also said they will cease or at least pause the sharing of software, hardware and services.
The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices.
U.S. President Donald Trump on Wednesday signed a long-expected executive order that bans the purchase of telecommunication equipment from nations deemed to pose a spying risk. Also, Huawei was banned by the Commerce Department from buying U.S. components without obtaining a license first.
Newly discovered microarchitectural data sampling flaws in Intel processors - collectively dubbed "ZombieLoad" - could be exploited to steal private data from PCs and servers, including shared cloud environments. Intel, Microsoft, Apple and others have begun to ship patches designed to help mitigate the problems.
In today's environment of distributed IT solutions, hardware security modules (HSMs) - which safeguard a company's encryption keys - are often housed in remote data centers, making HSM management challenging and making it costly to access information about this mission-critical security hardware.
Download this...
Facebook is warning users of its WhatsApp messaging app to update immediately to fix a flaw that is being used to remotely install Pegasus surveillance software from Israel's NSO Group. WhatsApp says a "select number" of targets were hit by the attacks, which it has blamed on "an advanced cyber actor."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.