Search results for: vulnerability

cloud complexity

Don’t ignore the security risks of limitless cloud data

Over the past two decades, technology has evolved to make it easy and affordable for companies to collect, store and use massive amounts of data. From AWS to Google Cloud to Snowflake, even startups and small businesses can quickly establish a mature data practice and use unprecedented amounts of information to inform and streamline operations. The exponential growth in our ability to manage and use data has provided tremendous benefits to business and society alike. … More

security platform

QuoLab unveils SaaS platform to enable sensitive data sharing

QuoLab Technologies has launched its new software as a service (SaaS) platform. QuoLab’s SaaS platform includes two critical capabilities: read-through and multi-tenancy, which will provide Fortune 1,000 SOC teams and MSSPs with an optimized process for conducting investigations and managing threat intelligence data. Teams will be able to identify patterns, common issues and vulnerabilities across clients while securely and intentionally sharing data, ultimately increasing the value of intelligence and optimizing the workforce. The cybersecurity market … More

Log4j

A year later, Log4Shell still lingers

72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable’s latest telemetry study has revealed, based on data collected from over 500 million tests. A vulnerability that’s difficult to eradicate: When Log4Shell was discovered in December 2021, organizations around the world scrambled to determine their risk. In the weeks following its disclosure, organizations significantly reallocated resources and invested tens of thousands of hours to identification and remediation efforts. One federal … More

Army

Federal defense contractors are not properly securing military secrets

Defense contractors hold information that’s vital to national security and will soon be required to meet Cybersecurity Maturity Model Certification (CMMC) compliance to keep those secrets safe. Nation-state hackers are actively and specifically targeting these contractors with sophisticated cyberattack campaigns. A shocking 87% of contractors have a sub-70 Supplier Performance Risk System (SPRS) score, the metric that shows how well a contractor meets Defense Federal Acquisition Regulation Supplement (DFARS) requirements. DFARS, which has been law … More

Infosec products of the month: November 2022

Here’s a look at the most interesting products from the past month, featuring releases from: Abnormal Security, Acronis, Bearer, Bitdefender, Clumio, Cohesity, Flashpoint, Forescout, ForgeRock, ImmuniWeb, Keyo, Lacework, LOKKER, Mitek, NAVEX, OneSpan, Persona, Picus Security, Qualys, SecureAuth, Solvo, Sonrai Security, Spring Labs, Tanium, Tresorit, and Vanta. Qualys TotalCloud with FlexScan helps enterprises strengthen cloud-native security: Qualys announced TotalCloud with FlexScan delivering cloud-native VMDR with Six Sigma Accuracy via agent and agent-less scanning for comprehensive coverage … More

Software

Codenotary announces TrueSBOM for Serverless, a self-updating SBOM

Codenotary has released TrueSBOM for Serverless, a self-updating Software Bill of Materials (SBOM) for applications running on AWS Lambda, Google Cloud Functions and Microsoft Azure Functions that is made possible by simply adding one line to the application source code. Until now, SBOM generation for serverless apps was nearly impossible. With TrueSBOM, applications self-report their components so that the SBOM always remains up-to-date. That is really the only way to create an SBOM for serverless … More

Handshake

Varonis and HackerOne launch vulnerability disclosure program

Varonis has launched its public vulnerability disclosure program via HackerOne. The VDP enables the entire HackerOne community to report potential security issues related to Varonis’ corporate and cloud environments, including Varonis SaaS products. Varonis CISO Guy Shamilov said, “Varonis has had tremendous success with our private bug disclosure program, and the logical next step for us is to partner with HackerOne, the undisputed leader in vulnerability coordination and bug bounty management.” “Varonis has always remained … More

gap

How to find hidden data breaches and uncover threats in your supply chain

In this article, we’ll help you: understand how breaches can stay hidden inside your supply chain; determine if your supplier relationships are increasing your risk; assess your exposure across your entire supply chain. The cyber pain in the supply chain: A company’s supply chain is like a body’s nervous system: a mesh of interconnected manufacturers, vendors, sub-contractors, service delivery firms, even coding and collaboration tools. The connected enterprise is an efficient enterprise. Provided that the … More

security platform

LogicGate Cyber Risk & Controls Compliance Solution enables enterprises to assess cyber risk

LogicGate launched its Cyber Risk & Controls Compliance Solution, empowering IT and risk leaders to visualize, understand and optimize their cybersecurity posture. LogicGate’s solution enables cyber teams to translate cyber risk into financial impact, prioritize cyber risk response and resource allocation, and seamlessly connect their cyber risk management and enterprise risk management programs. The average data breach cost for organizations globally hit an all-time high of $4.35 million in 2022. Enterprises now face exponentially growing … More

Amazon Security Lake

Amazon Security Lake: Automatically centralize your security data

Amazon Security Lake is a service that automatically centralizes an organization’s security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account so customers can act on security data faster. Amazon Security Lake manages data throughout its lifecycle with customizable data retention settings, converts incoming security data to the efficient Apache Parquet format, and conforms it to the Open Cybersecurity Schema Framework (OCSF) open standard to make it easier … More

Oracle

Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)

A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that was fixed in January 2022 is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. About CVE-2021-35587: CVE-2021-35587 was discovered by security researchers “Jang” (Nguyen Jang) and “Peterjson” in late 2021 by accident, while “building PoC for another mega-0day.” The vulnerability is in the OpenSSO Agent … More

security platform

Trend Micro Cloud Sentry identifies threats in business-critical cloud infrastructure

Trend Micro has unveiled a new protection deployment model that delivers great value to both security and development teams. Trend Micro identifies threats in minutes and delivers security findings with no performance impact and without removing data from the customer environment. “Trend Micro is the largest player in the cloud workload security market,” said Philip Bues, Research Manager, Cloud Security at IDC. “Security teams are struggling to keep up with the rapid pace of development … More