Two critical vulnerabilities in the Yi IOT XY-3820 smart camera (firmware v6.0.24.10) allow unauthenticated attackers to gain full root access. Both flaws are rated CVSS 9.8 and require immediate mitigation.

Avast released a free decryption tool to assist victims of the Mallox ransomware attacks. Mallox, also known as Fargo, TargetCompany, and Tohnichi, operates under a ransomware-as-a-service business model and targets Microsoft SQL servers.

Three of the vulnerabilities could allow an attacker to send malicious data, intercept credentials sent in clear text, and potentially compromise the entire Fibre Channel infrastructure.

It steals browsers' databases and attempts all Chromium-based browsers that share the same structure of databases and also will explore Mozilla-based web engines and “Thunderbird” mail client which is based on Mozilla.

The EIB‘s main site is currently down, and the bank has just released a Tweet acknowledging the issue as a ‘cyber attack.’ The EIB interconnection infrastructure has been allegedly disrupted.

It’s rare you see a case in which one party alleges the other stole nearly all of the organization’s data – a veritable library – but that seems to be the case in a complaint filed last week between two warring consulting firms.

Last month, the state of Utah appeared to be on fast track to enacting the country's fourth comprehensive state data privacy law. Now it looks like the legislation is on the cusp of being passed.

The warning, issued by the FBI and the SEC’s Office of Investor Education and Advocacy (OIEA) last week comes on the heels of a similar warning via FINRA about the rise in imposter websites.

The recommended changes build off of updates proposed back in October regarding consumer opt-out requests. Those interested in submitting a comment for the proposed regulations have until December 28.

A new U.S. Department of Defense rule goes into effect later this month that will require defense contractors and subcontractors to complete a cybersecurity self-assessment.