Search results for: vulnerability

virtual reality

The SOC is blind to the attackable surface

A security operations center (SOC) is the central nervous system of any advanced cybersecurity program. Yet even the most well-funded, highly organized and properly equipped SOC is often no match for a simple misconfiguration error. Organizations have piled security controls upon security controls, and still remain largely blind to the most serious threats they face. Why? Because they are often blind to the attackable surface. Defenders think in lists, adversaries think in attack graphs The … More

week in review

Week in review: SAP apps under attack, Zero Trust creator talks, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and reviews: SAP applications are getting compromised by skilled attackers Newly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities affecting them are being weaponized in less than 72 hours after SAP releases security patches. Office 365 phishing campaign uses publicly hosted JavaScript code A new phishing campaign targeting Office 365 … More


April 2021 Patch Tuesday forecast: Security best practices

March kept us all very busy with the ongoing out-of-band Microsoft updates for Exchange Server and the printing BSODs, which plagued us since last Patch Tuesday. It looks like a standard release of updates from Microsoft next week, but before we get to patching vulnerabilities, I would like to focus on the need to discover and report on them. I entered the software and security market back in the mid-1980s when the internet was growing … More

ShiftLeft CORE: A unified code security platform

ShiftLeft introduced ShiftLeft CORE, a unified code security platform. Powered by ShiftLeft’s Code Property Graph (CPG) engine, the ShiftLeft CORE platform features NextGen Static Analysis (NG SAST), a modern code analysis solution built to support developer workflows; Intelligent Software Composition Analysis (SCA), which scores code vulnerabilities based on whether an attacker can reach it; and ShiftLeft Educate, which delivers contextual security training for developers within the developer workflow. “With security of the software supply chain … More

VMware increases visibility, enables compliance and enhances security for containerized applications

VMware unveiled expanded cloud workload protection capabilities to deliver security for containers and Kubernetes. The new solution will help increase visibility, enable compliance and enhance security for containerized applications from build to production in public cloud and on-premises environments. “Containers and Kubernetes are enabling organizations to develop and modernize applications faster than ever, but the innovation is also expanding the attack surface,” said Patrick Morley, senior vice president and general manager, Security Business Unit, VMware. … More

identity theft

People are the weakest link in data breaches, but can they be held accountable?

In the people-process-technology triad, human error is the top reason for breaches, accounting for 70% of successful attacks, a Cyberinc survey reveals. The next biggest cause is vulnerability management through patches and upgrades, accounting for just 14% of successful attacks. Securing remote users is top priority The report also shows that more than 60% of respondents said that securing remote users is their top security priority in 2021, and roughly three-fourths of individuals indicated that … More

zero trust

Zero Trust creator talks about implementation, misconceptions, strategy

A little over a decade ago, John Kindervag outlined the Zero Trust security model. As a VP and Principal Analyst on the Security and Risk Team at Forrester Research, he spent years doing primary research and the result was a new model of trust, a new approach to cybersecurity, and a security strategy designed to stop the mounting data breaches. In the intervening years, Zero Trust gained many adherents and proponents, and with good reason: … More

VMware vRealize Operations

VMware patches critical vRealize Operations flaws that could lead to RCE

Two vulnerabilities (CVE-2021-21975, CVE-2021-21983) recently patched by VMware in its vRealize Operations platform can be chained together to achieve unauthenticated remote code execution (RCE) on the underlying operating system, Positive Technologies researchers have found. There is no PoC currently available and no mention of the vulnerabilities being exploited in the wild. Nevertheless, administrators are advised to implement provided security patches or temporary workarounds as soon as possible. VMware vRealize Operations vulnerabilities could lead to RCE … More

Optiv Security Enterprise IoT Lab helps identify, assess, and mitigate IoT device security challenges

Optiv Security unveiled its Enterprise Internet of Things (IoT) Lab in response to a growing and ever-present pain point for client security leaders – the proliferation of IoT devices on organizational networks. Chief information security officers (CISOs) are dealing with sizeable blind spots and have expressed the clear need for support in discovering those devices and bringing them into their existing vulnerability management programs with an expanded objective of total network protection that goes beyond … More


3 steps to meeting data privacy regulation compliance through identity programs

Cybersecurity is undeniably a business-critical function. That’s only been reinforced over the past few months by the SolarWinds and Exchange attacks. Consequently, a recent PWC report found that 55% of enterprise executives plan to increase their cybersecurity budgets in 2021, and 51% plan to add full-time staff dedicated to cybersecurity within the year. Meeting data privacy regulation compliance This focus on security, however, isn’t just a reaction to more cyberattacks. It also correlates with the … More


Organizations suffer downtime despite following cybersecurity recommendations

Organizations continue to suffer downtime despite IT stacks equipped with all recommended cybersecurity technologies – including continuous data protection, anti-malware with zero-day threat prevention capabilities, automated patch management, vulnerability assessments, and more. In a recent survey, IT professionals reported that increases in training time and data loss associated with remote work and daily IT and business operations are increasing in 2021 compared to 2020. As the COVID-19 lockdowns were first beginning a year ago, Acronis … More

Sysdig introduces unified cloud and container security with the launch of CSPM

Sysdig announced the addition of unified cloud and container security with the launch of continuous cloud security posture management (CSPM). Threat research conducted by Sysdig shows that having a single view across cloud, workloads, and containers speeds the time to both detect and respond to lateral movement attacks, a common technique used in the majority of cybersecurity breaches. By pairing the Sysdig cloud security capabilities announced today with its container security features, teams can identify … More