The discovery of the Ripple20 vulnerabilities, affecting hundreds of millions of Internet of Things (IoT) devices, is the latest reminder of the dangers that third-party bugs pose to connected devices. Although the estimated 31 billion IoT devices in the world perform a vast array of crucial functions — powering lifesaving medical tools, facilitating efficient transportation,…

To achieve long-term data protection in today’s fast-changing and uncertain world, companies need the ability to respond quickly to unforeseen events. Threats like quantum computing are getting more real while cryptographic algorithms are subject to decay or compromise. Without the ability to identify, manage and replace vulnerable keys and certificates quickly and easily, companies are…

There’s no denying the convenience of USB media. From hard drives and flash drives to a wide range of other devices, they offer a fast, simple way to transport, share and store data. However, from a business security perspective, their highly accessible and portable nature makes them a complete nightmare, with data leakage, theft, and…

The Risk Management Framework (RMF) was first developed by the Department of Defense (DoD) to act as criteria for strengthening and standardizing the risk management process of information security organizations. The framework later became widely adopted by the rest of the U.S. federal information systems in 2010. While originally developed by the DoD, the National…

Researchers discover how to pinpoint the location of a malicious drone operator

Researchers at Ben-Gurion University of the Negev (BGU) have determined how to pinpoint the location of a drone operator who may be operating maliciously or harmfully near airports or protected airspace by analyzing the flight path of the drone. Drones (small commercial unmanned aerial systems) pose significant security risks due to their agility, accessibility and…

Protecting high-value research data from nation-state attackers

Joint NCSC-DHS-CISA advisories and a warning from the FBI have recently highlighted activities of nation-state-backed groups targeting organizations focused on COVID-19 research. The goal is to obtain information for their domestic COVID-19 research efforts. Security leaders at research organizations need to better understand the motivations and methods of these attackers. That will allow them to…

Microsoft fixes two RCE flaws affecting Windows 10 machines

Microsoft has released fixes for two remote code execution (RCE) vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines. Both flaws – CVE-2020-1425 and CVE-2020-1457 – arose because of the way the Microsoft Windows Codecs Library handled objects in memory. CVE-2020-1425 could allow attackers to obtain information to further compromise the…

Back in March as the coronavirus pandemic gathered steam in the U.S., a largely unheralded video-conferencing service suddenly found itself in the spotlight. And just as quickly as Zoom became a household name for connecting work colleagues, church and school groups, friends, family, book clubs and others during stay-at-home lockdowns, it also gained a reputation…

A desire to remain compliant with the European Union’s General Data Protection Regulation (GDPR) and other privacy laws has made HR leaders wary of any new technology that digs too deeply into employee emails. This is understandable, as GDPR non-compliance may lead to stiff penalties. At the same time, new technologies are applying artificial intelligence…