Microsoft has exposed two significant vulnerabilities in Rockwell Automation’s PanelView Plus devices that could be exploited by attackers to execute remote code and launch denial-of-service attacks.
Secator is an open-source task and workflow runner designed for security assessments to streamline the use of various security tools for pen testers and security researchers.
Recent discoveries have unveiled severe vulnerabilities within CocoaPods, a dependency manager essential for iOS and macOS application development. These security flaws could lead to significant supply chain attacks, jeopardizing numerous applications. The exploit allows attackers to alter the software update process, inserting harmful payloads into applications. Developers must remain vigilant and adopt robust security practices […]
Researchers have identified a new ransomware group called Volcano Demon responsible for two recent successful attacks on companies in the manufacturing and logistics sectors.
In the early part of 2024, the FakeBat loader, also known as EugenLoader or PaykLoader, emerged as a significant threat utilizing the drive-by download technique to spread malware.
The US Department of Health and Human Services has levied a $950,000 fine on the Heritage Valley Health System in Pennsylvania, which must address potential HIPAA violations after a ransomware attack in 2017.
Industry groups are seeking further clarification on delegation processes and want a clear statement that covered entities without a business associate relationship with Change Healthcare are not obliged to notify patients.
According to a survey by Rockwell Automation, vehicle and automotive supply manufacturers ranked cybersecurity as their biggest external concern. Cyberattacks resulted in $11.8 billion in damages during the first half of 2023 alone.
Hackers are using polyglot files, which can fit into multiple file formats and evade detection by endpoint detection and response systems. Research indicates that some commercial EDR tools have a 0% detection rate for malicious polyglots.
The ruling may lead to legal challenges against recent cybersecurity regulations, including the 2023 cyber incident reporting requirements by the Securities and Exchange Commission (SEC).