Over 2,300 North American hospitals and over 3,000 hospitals worldwide are vulnerable to remote code execution or ransomware attacks due to nine newly discovered bugs -- collectively called PwnedPiper -- in Swisslog Healthcare's software for pneumatic tube systems, report Armis security researchers. Swisslog has patched eight of the bugs, and the remaining vulnerability is present only in legacy systems.
Google's efforts to encourage secure browser connections have reportedly been so successful, with 90% of Chrome connections using HTTPS, that the company plans to remove the browser icon that indicates secure connections. Moving forward, Chrome will still show icons for insecure websites, but enterprise customers will be given an option to retain the HTTPS icon in Chrome 93.
Twitter is awarding $3,500 in cash to the person or company with the best way to find where its algorithm for cropping images exhibits bias. The company's Machine Learning Ethics, Transparency and Accountability division created a rubric to decide the winner, and Twitter will make the announcement at the AI Village segment of DEF CON.
A large majority, 87%, of 2,400 business and IT leaders surveyed by MuleSoft say concerns about security and governance slow the pace of innovation at their enterprises. The same share say security concerns are keeping them from giving nontechnical users more access to data.
Consultant and author Neil Raden has a rebuttal to proponents of zero-trust architecture: It's no good because it "makes every employee or external customer a criminal." Raden contends that zero trust "is intrusive and goes too far" and that enterprises "should build the most comprehensive security without clobbering employees, using off-the-shelf decision models and AI."
Hackers who hit video game maker Electronic Arts failed in their extortion attempt, and failed again when nobody wanted to buy the data on the dark web. So the data, including the source code for the FIFA 21 soccer game, reportedly has been dumped onto a crime forum and is available on torrent sites.
Microsoft is warning clients of Office 365 of a "crafty" and "sneakier than usual" email phishing attack scheme, complete with spoofed sender addresses. The cybercriminals are spreading Microsoft branding and using SharePoint "in the display name to entice victims."
The US Department of Homeland Security has been on a "sprint" hiring cybersecurity professionals—but still needs about 1,700 more, officials say. Max Stier, leader of the Partnership for Public Service, recently told a congressional hearing that federal IT employees who are older than 50 outnumber those who are younger than 30 by 16-to-1.
Working from home, whether full-time or part-time, offers employees newfound flexibility, but it also makes organizations increasingly prone to cyberattacks. That means employers need to be diligent about incorporating safeguards such as mobile device management and data leakage prevention.
More than 4.5 million employees and patients were affected by 39 data breaches tracked in July by the US Department of Health and Human Services. HHS requires notification of any breach affecting more than 500 people.