Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent

Microsoft says four Exchange ‘zero-days’ disclosed by ZDI have either already been patched or they don’t require immediate attention.
The post Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent appeared first… Continue reading Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent

Industry Reactions to SEC Charging SolarWinds and Its CISO: Feedback Friday

Industry commentary on the SEC lawsuit against SolarWinds and its CISO over cybersecurity and risk handling practices before the massive hack that came to light in late 2020.  
The post Industry Reactions to SEC Charging SolarWinds and Its CISO: Feedba… Continue reading Industry Reactions to SEC Charging SolarWinds and Its CISO: Feedback Friday

Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges

VMware’s Threat Analysis Unit finds 34 new vulnerable kernel drivers that can be exploited to alter or erase firmware and escalate privileges.
The post Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges appeared first on Se… Continue reading Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges

iLeakage Attack Exploits Safari to Steal Sensitive Data From Macs, iPhones

New iLeakage side-channel speculative execution attack exploits Safari to steal sensitive information from Macs and iPhones.
The post iLeakage Attack Exploits Safari to Steal Sensitive Data From Macs, iPhones appeared first on SecurityWeek.
Continue reading iLeakage Attack Exploits Safari to Steal Sensitive Data From Macs, iPhones

Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack

Japanese watchmaking giant Seiko has confirmed that personal information was stolen in a recent ransomware attack.
The post Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack appeared first on SecurityWeek.
Continue reading Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack

New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding

A new project aims to make it easier for PLC programmers to implement secure coding practices by cataloging useful files and functions from each vendor.
The post New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding appeared first on S… Continue reading New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding