Search results for: vulnerability


The importance of vulnerability management for your organization

Everyone is familiar with home burglaries. Criminals case a house looking for easy access through open windows, unlocked doors, open garages, and the like. Hackers take the same approach electronically and look for network vulnerabilities that grant them access to the data they want. And small to mid-size businesses are an ideal target, since they have fewer resources to dedicate to security efforts than larger companies.
Vulnerability scanning
When you hire a home security expert, … More


ATG selects YesWeHack to identify potential vulnerabilities on its platforms and applications

YesWeHack has partnered with Sweden-headquartered ATG to identify potential vulnerabilities on its exposed assets. ATG provides quality excitement and entertainment through horse betting, sports betting and casino games for approximately 1.4 million customers. ATG is constantly evolving to meet new technology demands, increased data access, faster connections, and new digital channels. It is at the forefront of using digital technology to offer content-rich, personalised, and constantly available entertainment while meeting stricter regulation, digitalisation, and … More


Aqua Security acquires Argon to secure all stages of software build and release

Aqua Security announced the acquisition of Argon, a pioneer in software supply chain security. Argon and Aqua now offer a solution to secure all stages of software build and release. Shifting further “left,” Aqua Security’s Cloud Native Application Protection Platform (CNAPP) is now a solution that can protect the full software development lifecycle (SDLC) from code through build to runtime, ensuring the end-to-end integrity of applications. “With the addition of Argon to the Aqua Platform, … More

Infosec products of the month: November 2021

Here’s a look at the most interesting products from the past month, featuring releases from 1Password, Avast, Boxcryptor, Code42, ColorTokens, Cynamics, Fortanix, Hiya, Huntsman Security, Imperva, iStorage, Jetico, Netscout, Palo Alto Networks, Siren, Saviynt, StorONE, Tenable, The Linux Foundation, ThreatQuotient, Tufin, Viavi Solutions and WatchGuard.
Nessus 10 is out, with Raspberry Pi support
Tenable has released Nessus 10 and extended supported platforms to include Raspberry Pi, allowing penetration testers, consultants, security teams and students to … More


McAfee and FireEye integrate with Amazon Inspector to protect data in the cloud

McAfee Enterprise and FireEye released new cloud security capabilities on AWS as well as integration with Amazon Inspector. FireEye Helix behavior analysis and machine-learning Extended Detection & Response (XDR) capabilities combined with Amazon Inspector, a vulnerability management service, offer AWS customers greater visibility and protection of applications and data in the cloud. McAfee Enterprise and FireEye are also now included in the AWS ISV Workload Migration Program (WMP), which helps customers with funding, technology enablement … More


Armis raises $300M to accelerate strategic platform development and regional expansion

Armis announced that it has closed its latest investment round and increased its valuation to $3.4 billion. One Equity Partners (“OEP”), in conjunction with existing investors, made a combined $300 million investment to accelerate strategic platform development and global GTM initiatives, and to support future acquisitions. OEP will also be joining the board of directors. “One Equity Partners is the exact type of investor we need at this juncture. They deeply understand our sector and … More


Patching takes 2.5 times longer when endpoints are remote

Action1 released a report based on the feedback from 491 IT professionals worldwide. The study explores how organizations patch and manage their remote and office-based endpoints and provide employees with remote IT support. The report reveals that even though most organizations plan to keep at least some remote work in 2022, they struggle to secure and support their remote or hybrid workforce. 78% of respondents admitted experiencing delays in patching critical vulnerabilities during the past … More


GlobalPlatform offers a framework to protect applications and data against high-profile attacks

GlobalPlatform has certified its Secure Element (SE) Protection Profile (PP) with the international standard for computer security certification, Common Criteria (CC). The document is the latest update to GlobalPlatform’s Security Certification Program. It will make it quicker and easier for stakeholders across industries to validate and compare security features, protect applications and data against high-profile attacks and comply with evolving IoT and cybersecurity regulations. Since 2000 GlobalPlatform has been the de-facto standard for secure element … More


Week in review: Windows EoP flaw still exploitable, GoDaddy breach, malicious Python packages on PyPI

Here’s an overview of some of last week’s most interesting news, articles and interviews:
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable.
GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed
GoDaddy, the popular internet domain registrar and web hosting company, has suffered … More


From fragmented encryption chaos to uniform data protection

Encryption is so critical to enterprise security that it’s almost like air: It’s a necessity, it’s everywhere, and we can’t live without it. On the surface, having encryption everywhere seems like a great idea. However, in many ways the drive to achieve ubiquitous data security has undermined itself. That’s because often the only way to approach ubiquity is by combining a variety of point systems, vendors, and technologies to cover data in a dizzying combination … More


Which technologies will be the most important in 2022?

IEEE released the results of a survey of global technology leaders from the U.S., U.K., China, India and Brazil. The study, which included 350 CTOs, CIOs and IT directors, covers the most important technologies in 2022, industries most impacted by technology in the year ahead, and technology trends through the next decade.
The most important technologies, innovation, sustainability and the future
Among total respondents, 21% say AI and machine learning, cloud computing (20%) and 5G … More


After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)

A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable. What’s more, it is already being leveraged by malware developers.
About the flaw and the exploit
Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day Initiative, has analyzed the patch for CVE-2021-41379 and found that the bug was “not fixed correctly.” So he created and … More