Security researchers spotted a previously undetected PowerShell backdoor disguising itself as part of the Windows update process that appears to have infected at least 69 victims. When SafeBreach Labs ran obfuscated scripts downloaded by the backdoor through VirusTotal, they came back as clean.
Certificate heavyweight DigiCert has landed Zscaler second-in-command Amit Sinha as its new leader and tasked him with boosting trust around connected device and user authentication. DigiCert brought in Sinha following a 12-year stint at Zscaler, where he became company president and a board member.
Multifactor authentication needs to move away from one-time passwords sent via text message and embrace modern standards that prevent man-in-the-middle attacks. Plus, excessive identity challenges online lead to 20% of e-commerce transactions being abandoned, say experts at Authenticate 2022.
A European ring of auto thieves used software branded as a diagnostic tool to perform fobless thefts of cars made by two French manufacturers. It looks as if the thieves found a vulnerability in the electronic control unit governing the authorization of new key fobs.
Multifactor authentication should be the default, not an option, says U.S. Cybersecurity and Infrastructure Security Agency Director Jen Easterly. She told an industry conference that vendors should "forcefully nudge" users into MFA and offer a more complete feature set for users who want it.
Multifactor authentication was supposed to be the standard, but the sharp rise in highly successful MFA bypass attacks shows the industry needs to go further in verifying identities. Keynote speakers at Authenticate 2022 said the future of passwordless technology could answer this latest threat.
Probe deep enough into a once-obscure subsystem in the Windows operating system called the Common Log File System and you might come out the other end with system privileges. Researchers on Zscaler’s ThreatLabz research team say the root cause of a recent CLFS zero-day resides in base file metadata.
Security flaws in a vital signs monitoring device from a China-based manufacturer could allow hackers to launch an attack that spreads to all other devices connected to the same network. This is among the most serious security issues involving medical devices, says Jason Sinchak of Level Nine.
The Biden administration will put more critical infrastructure sectors, such as water, under mandates to ensure minimal cybersecurity standards. The White House is also ramping up interest in consumer cybersecurity by initiating a labeling program for the internet of things.
CEO Yotam Segev says Cyera eschews the focus of data loss prevention tools on blocking users from pulling down data and instead embraces an approach that reduces friction. Cyera has sought to safeguard data by making preventative changes in areas like configuration, permissions and security posture.
Security operations stalwart Arctic Wolf has taken on more than $400 million in debt to pursue acquisitions in the cloud, SIEM, endpoint and XDR markets. The money will fuel an upcoming launch in the Asia-Pacific region and expansion in markets such as South Africa, Benelux and the Nordics.
If exploited, a hard-coded credential vulnerability in certain BD medical laboratory equipment used for cancer screenings could allow an attacker to access, modify or delete sensitive patient information, the manufacturer and federal authorities warn.
A claim Wednesday by high-profile security researcher Kevin Beaumont that video doorbell manufacturer Ring was experiencing a security issue sent Twitter atwitter. Amazon says some users experienced logon issues due to a back-end system error made during a routine system update.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.