Software vulnerabilities sometimes have an uncanny knack of revealing themselves, even when a bug hunter is looking someplace else. Sam Curry's probing eventually revealed a cross-site scripting flaw in a Tesla service, which netted him a $10,000 bounty.
Fraudsters continue to get new tricks up their sleeves. Criminals are increasingly using Apple Pay, setting up mobile call centers to socially engineer victims as well as tricking consumers via fake e-commerce sites that never fulfill orders, fraud-fighting experts warn.
Apple has taken an extraordinary move to protect its users from a yet-to-be-disclosed vulnerability that could compromise Macs that have the Zoom video conferencing software installed. It released a silent update to remove a vulnerable left-behind local web server, which likely has a remote code execution flaw.
Cybersecurity firm McAfee is reportedly planning a return to the public market, eyeing an IPO that could happen as early as later this year, raise $1 billion and value the company at $5 billion, The Wall Street Journal reports. The news comes amid a record volume of technology sector IPOs, including for Crowdstrike.
Sensitive information, including credit card and phone numbers, was left exposed to the internet on an unsecured database belonging to Fieldwork Software, which provides cloud-based services to small businesses, researchers note in a new report.
The traditional IAM strategy has been to tie individual users with a unique device. But that doesn't work in healthcare settings, where doctors and nurses often share multiple devices. Jigar Kadakia of Partners HealthCare talks about how he approaches this critical challenge.
Encouraged by the moves of medical device manufacturers, Jennings Aske, CISO of NY Presbyterian Hospital, says the "state of the union" of medical device security has improved dramatically. But what more is needed to mitigate risks?
The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security.
Findings from researchers who hacked Croatia-based vendor Zipato's smart hub controllers, which can manage networked locks, lights and security cameras, underscore the risks that can accompany home automation devices. "Smart home" vendor Zipato says it's fixed the flaws.
A recent $3 million bank heist in Bangladesh is likely the handiwork of "Silence," a Russian-speaking gang known for its slow and methodical attacks against banks and ATMs, according to an analysis by security firm Group-IB.
Semiconductor manufacturing giant Broadcom is looking to purchase endpoint security firm Symantec, Bloomberg reports, noting that while discussions are at an advanced stage, no terms have been disclosed and no deal is guaranteed.
D-Link has reached a proposed settlement with the U.S. Federal Trade Commission, which alleged the IoT device developer left consumers vulnerable to hackers through inadequate security practices. The terms of the settlement may serve as a warning to IoT makers to get their security checks in order.
Sophos is the latest security firm to create a proof-of-concept exploit for the BlueKeep vulnerability in older versions of Windows. The company echoed several government agencies that have urged businesses to patch their devices.