Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns. The attacks are limited and targeted, the company noted, and provided workarounds to help reduce customer risk until a fix is developed and released. More about the new Windows zero-days According…

Today is the second Tuesday of the month, and Microsoft is right on schedule with 59 security fixes, nine of which are considered Critical in severity. None of the vulnerablities were previously known or exploited, and 49 are ranked Important and one as Moderate. The latest release affects Windows, Internet Explorer, Edge, ChakraCore, Microsoft Office…

Information from satellites fuel a great deal of today’s technology, from the intelligence gathering conducted by nation-states, to the global positioning system used for vehicle navigation, to the targeting used by “smart” weapons. Little surprise, then, that cybersecurity and policy experts worry that the relative insecurity of satellite systems open them to attack. In a…

Dental and vision insurance provider and administrator Dominion National has begun notifying patients of a data breach of its systems that apparently dates back to August 2010. The insurer said an incident investigation that began on April 24, 2019, led to the discovery that its servers had been compromised in an attack that began nearly…

Legacy infrastructures and unmanaged devices top security risks in the healthcare industry

The proliferation of healthcare IoT devices, along with unpartitioned networks, insufficient access controls and the reliance on legacy systems, has exposed a vulnerable attack surface that can be exploited by cybercriminals determined to steal personally identifiable information (PII) and protected health information (PHI), in addition to disrupting healthcare delivery processes. Published in the Vectra 2019…

7 Serious IoT Vulnerabilities

The security of Internet of Things (IoT) devices, especially those intended for consumer use, tends to fall on a spectrum between “serious concern” and “industry joke.” Yet the fact is that a growing number of employees have various IoT devices in their homes — where they also could be connecting to an enterprise network to…

Why Enterprises Still Have to Worry about Eavesdropping

When one thinks about eavesdropping, a mental image of a shadowy stranger, hiding behind a corner and listening in on others’ conversations may come to mind. With the rise of VoIP calling, however, enterprises became aware of digital eavesdropping that impacted their corporate business calls. Now, though, much of the concern surrounding eavesdropping has been…

Oracle Patches Record 334 Vulnerabilities in July 2018

Oracle this week released its July 2018 set of patches to address a total of 334 security vulnerabilities, the largest number of flaws resolved with a Critical Patch Update (CPU) to date. Over 200 of the bugs may be remotely exploitable without authentication. This month, 23 products from the enterprise security giant were patched, including…