Search results for: vulnerability


Cultivating a security-first mindset for software developers

There is a “great cyber security awakening” happening across companies. Right now, we need a fundamental new approach to development, so we are not constantly firefighting. Almost two years into the pandemic, organizations are recognizing that their teams may never be together in one place again. This has pushed a mass adoption of cloud services and SaaS applications to enable their distributed workforces. The pandemic has also fueled an increase in cybercrime, with criminals taking … More


Tech Mahindra acquires Com Tec Co IT to enhance digital engineering capability

Tech Mahindra announced 100% acquisition of Com Tec Co IT Ltd (CTC) for €310 million including earnouts and synergy linked payouts. CTC is an IT solutions and service provider serving the insurance and financial services industries with development centres in Latvia and Belarus. The acquisition will enable Tech Mahindra to tap onto the potential industry disruption in the Insurance sector, expand its offerings to high-end digital engineering services for some of the largest insurance, reinsurance … More


Ukraine: Wiper malware masquerading as ransomware hits government organizations

In the wake of last week’s attention-grabbing defacements of many Ukrainian government websites, Microsoft researchers have revealed evidence of a malware operation targeting multiple organizations in Ukraine, deploying what seems to be ransomware but is actually Master Boot Records (MBR) wiper malware. The defacements “On the night of January 13-14, a number of government websites, including the Ministry of Foreign Affairs, the Ministry of Education and Science and others, were hacked. Provocative messages were posted … More


The future of security protocols for remote work

Cybercrime has been growing rapidly for years, and the sudden pandemic-fueled shift to work from home (WFH) only accelerated the threat, forcing businesses to start putting a real focus on establishing solid security protocols and building a strong relationship with their cybersecurity vendors. In such a landscape, we can expect to see an influx of even more cybersecurity startups cropping up to join the many that already exist. We see especially great potential in cybersecurity … More


The rising threat of cyber criminals targeting cloud infrastructure in 2022

In the world of cybersecurity, combating threats is like playing endless, hyper-advanced, multidimensional Whack-A-Mole: new threats are always emerging, often from unexpected sources, and trying to keep up can feel impossible. The threats are constantly shifting, subject to trends in cryptocurrency use, geopolitics, the pandemic, and many other things; for this reason, a clear sense of the landscape is essential. Below, you’ll find a quick guide to some of the most pressing threats of the … More


Flashpoint acquires Risk Based Security to help businesses detect emerging cyber risks

Flashpoint announced it has acquired Risk Based Security (RBS), a Richmond, Virginia-based company specializing in vulnerability and data breach intelligence, as well as vendor risk ratings. The integration of RBS’s collections and technology into the Flashpoint platform offers a wide range of cybersecurity practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps, and vendor risk management teams—the contextual threat intelligence and automation they need to detect, prioritize, and thwart emerging cyber risks rapidly and holistically. “I … More


Pentera raises $150 million to grow its global operations and product line

Pentera announced it has raised $150 million in Series C funding led by K1 Investment Management, with participation from Evolution Equity Partners and Insight Partners. Additional investors include Awz Ventures, a Canadian-Israeli VC group, and Blackstone. The round brings Pentera’s valuation to $1 billion after only three years in the market since the debut of its automated penetration testing technology. The funding makes Pentera the highest-valued company in its category. With more than 400 enterprise … More


2022 promises to be a challenging year for cybersecurity professionals

I am very glad to turn the page on 2021, however, I am not optimistic that 2022 will be remarkably better. I am hopeful that President Biden’s Executive Order 14028 and the Department of Homeland Security’s (DHS’s) Binding Operational Directive 22-01 (BOD 22-01) will help improve our cybersecurity practices and bolster our resilience, especially for mission critical and infrastructure protection. These mandates outline: Enhanced practices for prioritization and remediation of risk-based vulnerabilities, focusing on those … More

security platform

NormCyber smartbloc. offers visibility over cyber and data protection risks

NormCyber launched smartbloc., a fully managed service that provides businesses with complete visibility and control over both cyber and data protection risks. Each smartbloc. customer will be allocated their own Cyber Resilience Score, which has been designed to give business and technology leaders a near real-time view of the level of risk facing their organizations, as well as actionable insights on how to reduce their exposure. Reducing the risks associated with processes, people and technology … More

Patch Tuesday

Microsoft fixes wormable RCE in Windows Server and Windows (CVE-2022-21907)

The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server (CVE-2022-21907). Vulnerabilities of note Among the publicly known flaws are a “critical” RCE in curl (CVE-2021-22947) and “important” RCE in libarchive (CVE-2021-36976) open source libraries, which have now been “fixed” in Windows 10, 11 and Server with the inclusion of the most recent versions of the libraries. But these … More


Small businesses are most vulnerable to growing cybersecurity threats

Many small and medium-sized businesses (SMBs) mistakenly assume (hope?) their size makes them a less appealing target to hackers, without realizing cyber criminals are eager to exploit the unique characteristics that make them even more vulnerable to cyber-attacks. While protecting digital resources may be easy for large companies that can afford to hire in-house cybersecurity staff and establish threat monitoring and endpoint detection infrastructure, this endeavor can often seem impossible for SMBs. All the while, … More


Eight resolutions to help navigate the new hybrid office model

Continuous review and improvement are crucial for a successful security program. As this year draws to a close, it is a good time to look back on 2021 and prepare a few resolutions for the new year. Adapting to the pandemic-created hybrid office model has proven to be one of the biggest challenges. I expect that securing a remote workforce, the growth of applications and services in the cloud, and improving security controls over the … More