Microsoft said it will pause non-security Windows updates beginning in May as part of its plan to reduce the update pressure on IT and security teams, as they are busy keeping organizations operational during the COVID-19 pandemic. Other software companies are adjusting their release schedules, recognizing that IT and security teams are currently stretched thin.
APT41, an attack group connected to China, has been running a broad campaign using public exploits and flaws to target companies in 20 countries.
Organizations collecting and maintaining personal information about California and New York residents should be paying attention as the data security element of New York's SHIELD Act goes into effect and the California Attorney General releases a second set of modifications on regulations on implementing CCPA.
A buffer overflow in the memcached tool has been patched after a public disclosure of the details and proof-of-concept exploit code.
Ransomware attacks are on the rise, and the in-house breach investigations team at insurance company Beazley Group said there were 131 percent more ransomware attacks against its customers in 2019 than was in 2018. The spike in attacks were most evident in healthcare, professional services, and financial services.
Wade Baker and David Severski of the Cyentia Institute join Dennis Fisher to discuss the findings from their new Information Risk Insights Study into the risk and cost of security breaches across industries.
Two new Windows vulnerabilities related to the Adobe Type Manager library are being exploited in targeted attacks.
Google is turning on its Play Protect app scanning feature automatically and changing which apps can be installed on Android devices associated with Advanced Protection Program accounts.
Many security leaders rely on a cost-per-record metric to calculate the costs of a security incident. The latest research from Cyentia Institute using Advisen data shows estimates based on that metric are frequently inaccurate.
Ransomware attackers tend to deploy their payloads at night and on weekends, when IT resources are scarce and security teams may be less active.
Jo Van Bulck of KU Leuven joins Dennis Fisher to discuss the new load value injection attacks on processors.
With so many employees and contractors working remotely, security teams and CISOs grapple with the job of continuing to protect networks, systems, data, and people. One challenge: recognizing clues that something is wrong when nothing looks normal.
A critical flaw in VMware Fusion and Workstation could allow an attacker to run arbitrary code on the host from the guest.
The security of the JavaScript software ecosystem will get a significant boost with GitHub acquiring npm, which hosts and maintains the Node package manager and the package registry. GitHub has the resources to invest in robust and stable infrastructure, thorough vetting of software packages, and integration into GitHub's other services.
More senators are expressing support for the EARN IT Act despite its serious threat to encrypted services and user privacy.