Companies are ensuring network perimeters are secure against remote attacks but they don't pay the same level of attention to internal threats.
The SIGRed vulnerability can spread malware across a network without user interaction. Microsoft has issued an urgent patch.
New Google Cloud offerings for government provide in-process data encryption and the ability to restrict storage locations, respectively.
Newly discovered vulnerabilities could allow more persistent and destructive attacks on popular models of ATM and POS devices.
The memory corruption flaws exist in a wide range of commercial and consumer devices, and can allow full takeover of them.
Attackers are taking advantage of the Covid-19 crisis to exploit pre-existing and newly introduced vulnerabilities across a wide range of attack points.
Microsoft issues a patch to fix a flaw that could allow compromised non-privileged user accounts to place malicious DLLs on a system.
If left unpatched, these SAP ASE vulnerabilities could give attackers full control of databases and servers.
Left unpatched, this command injection flaw could allow attackers to take control of a virtualised cloud infrastructure.
Some industries have seen increases in cloud-related threat events rise as much as 1,350 per cent since the Covid-19 crisis began.
A new report shows that Android mobile device manufacturers are getting better at patching the OS, but patching levels vary across models and vendors.
Undocumented cloud configuration changes, whether done by attackers or for legitimate business reasons, present a significant security threat.
Cisco and Palo Alto Networks have fixed similar high-risk authentication bypass vulnerabilities in their network security devices.
The rush to enable employees to work from home in response to Covid-19 resulted in more than 1.5 million new RDP servers being exposed to the internet.
Attackers are exploiting two critical vulnerabilities in the popular SaltStack infrastructure automation software to take control of servers.
