A critical remote code execution vulnerability in PHP for Windows, affecting all releases since version 5.x, requires immediate action from server administrators. The flaw enables attackers to execute arbitrary code on remote PHP servers through an argument injection attack.
U.S. federal authorities are alerting healthcare entities about critical vulnerabilities in two medical device products from manufacturer Baxter. Both flaws can be exploited remotely, potentially jeopardizing patient care. Some experts say such disclosures in general need more attention.
Networking solutions vendor Zyxel fixed critical vulnerabilities in end-of-life network-attached storage devices that allow remote code execution. It left two vulnerabilities allowing attacks by authenticated local attackers unpatched.
In the latest weekly update, ISMG editors discussed the current state of Secure Access Service Edge solutions in 2024, vulnerabilities in Apple's Wi-Fi-based positioning system, and the patient safety questions arising after a cyberattack hit a U.S. hospital.
Apple's Wi-Fi-based positioning system can be abused to track the live location of various types of devices around the globe, including Starlink routers in war zones, researchers warn. Until Apple puts in place more defenses, they say the system will continue to pose a "large-scale privacy threat."
Cyberattackers are actively exploiting a vulnerability in the NextGen Healthcare Mirth Connect product, an open-source data integration platform widely used by healthcare companies, said CISA in an alert Monday. The flaw, which allows remote code execution, has been known since October 2023.
A maximum-severity bug in Intel's artificial intelligence model compression software can allow hackers to execute arbitrary code on the company's systems that run affected versions. The technology giant has released a fix for the Neural Compressor flaw, which is rated 10 on the CVSS scale.
Microsoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the Qakbot botnet and other hackers actively exploited. The elevation of privilege vulnerability flaw is rated "important" on the CVSS scale.
Erika Voss, vice president of information security at DAT Freight & Analytics, discusses the evolving landscape of cybersecurity investment, the critical areas often overlooked by enterprises - including insider threats, and the importance of building a cybersecurity culture within organizations.
Hackers are taking advantage of D-Link home routers left unpatched for a decade and turning them into a newly formed botnet researchers dubbed "Goldoon." The vulnerability allows attackers to execute arbitrary commands remotely via the proprietary Home Network Administration Protocol.
A high-risk flaw in R statistics programming language could lead to a supply chain hack, warn security researchers who say they uncovered a deserialization flaw. Security researchers have long known that hackers sneak malicious code into serialized data.
Verizon executives warned that cyber defenders are struggling with fatigue amid a surge in cyberattacks targeting zero-day exploits and other vulnerabilities. It takes most enterprises nearly 55 days on average to mitigate 50% of critical vulnerabilities once patches become available, the DBIR says.
How do data breaches happen? The latest annual Verizon Data Breach Investigations Report, which aims to help defenders answer that question, points in part to the ever-present threat of ransomware and data extortion and charts a surge in attackers exploiting zero-day and known vulnerabilities.
Boundary devices offering firewall and remote access capabilities remain widely used by many organizations. But unless such appliances are rapidly patched, carefully locked down and also well-monitored, many pose a clear and present enterprise cybersecurity liability, a cyber insurer warns.
Russian military intelligence hackers are using an 18 month-old vulnerability in the Windows print spooler utility to deploy a custom tool that elevates privileges and steals credentials. Microsoft says it's seen post-compromise activities against Ukrainian, European and North American governments.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.