Search results for: vulnerability

US agricultural co-op hit by ransomware, expects food supply chain disruption

New Cooperative Inc., an agricultural cooperative owned by Iowa corn and soy farmers, has been hit by the BlackMatter ransomware group. The attackers are asking the co-op to pay $5,900,000 for the decryption key and not to release the stolen data. What we know about the ransomware attack on New Cooperative? New Cooperative is one of the largest farm cooperatives in the US. They confirmed the attack on Monday and said that the “cybersecurity incident” … More

microsoft power apps

Microsoft Power Apps data exposure: Prioritizing sensitive data with secure configuration settings

Security misconfigurations are one of the most common gaps hackers look to exploit. One bad configuration setting in a popular cloud platform can have far-reaching consequences, allowing threat actors to access an abundance of valuable, personal information and use it to their advantage. Over the last 12-18 months, the COVID-19 pandemic has driven the rapid adoption of cloud applications across the world. According to Cloudwards, 94% of all enterprises now use cloud services. Whilst organizations … More

patch

The complexities of vulnerability remediation and proactive patching

In this interview with Help Net Security, Eran Livne, Director, Product Management, Endpoint Remediation at Qualys, discusses vulnerability remediation complexity, the challenges related to proactive patching, as well as Qualys Patch Management. What makes vulnerability remediation a complex task? Most vulnerability remediation involves multiple teams and processes – first, a scanning tool identifies vulnerabilities, and then they are passed to the patching team for remediation. This is a pain point for organizations and leads to … More

week in review

Week in review: Kali Linux 2021.3, how to avoid cloud configuration breaches, hybrid digital dexterity

Here’s an overview of some of last week’s most interesting news, articles and interviews: Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860) Apple has released security updates for macOS, iOS, iPadOS, watchOS and Safari that patch two vulnerabilities (CVE-2021-30860, CVE-2021-30858) that are being exploited in attacks in the wild. Kali Linux 2021.3 released: Kali NetHunter on a smartwatch, wider OpenSSL compatibility, new tools, and more! Offensive Security has released Kali Linux 2021.3, the … More

open source

Open source cyberattacks increasing by 650%, popular projects more vulnerable

Sonatype released a report that revealed continued strong growth in open source supply and demand dynamics. Further, with regard to open source security risks, the report reveals a 650% year over year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. Based on survey responses collected from 702 software engineering professionals, the research observes a fundamental … More

Versa Networks offers 5G WAN Edge products to deliver SASE services to the network edge

Versa Networks launched 5G-native products for the wide area network (WAN) edge delivering complete SASE integration and SASE services to the network edge. Natively supporting private 5G functions, Versa enables ease of deployment and equips organizsations with QoS, network segmentation, and SASE services to meet the highest levels of compliance and privacy requirements for an optimal 5G network architecture. 5G connectivity is a requirement for many organizations because it offers extremely fast speeds, high performance … More

CVE-2021-40444 exploitation

CVE-2021-40444 exploitation: Researchers find connections to previous attacks

The recent targeted attacks exploiting the (at the time) zero-day remote code execution vulnerability (CVE-2021-40444) in Windows via booby-trapped Office documents have been delivering custom Cobalt Strike payloads, Microsoft and Microsoft-owned RiskIQ have shared. The researchers also found connections between the attackers’ exploit delivery infrastructure and an infrastructure previously used by attackers to deliver human-operated ransomware, the Trickbot trojan and the BazaLoader backdoor/downloader. The attacks and their possible goals Judging by the email lures used … More

Beyond Identity’s solution secures the software supply chain against insider threats and malicious attacks

Beyond Identity announced a solution that closes a critical vulnerability and secures the software supply chain against insider threats and malicious attacks. Beyond Identity’s new Secure DevOps product establishes a simple, secure, and automated way to confirm that all source code entering a corporate repository and processed by the continuous integration/continuous deployment (CI/CD) pipeline is signed by a key that is cryptographically bound to a corporate identity and device. This ensures trust, integrity, and auditability … More

Qualys Patch Management keeps endpoints up to date to reduce risk from exploits

Qualys announced it is integrating zero-touch patching capabilities into Qualys Patch Management. Zero-Touch Patch ensures that companies’ endpoints and servers are proactively updated as soon as patches are available, reducing their overall attack surface. Most vulnerability remediation involves multiple teams and processes – first, a scanning tool identifies vulnerabilities, and then they are passed to the patching team for remediation. This is a pain point for organizations and leads to extra resources, costs and longer … More

risk

Most Fortune 500 companies’ external IT infrastructure considered at risk

Nearly three quarters of Fortune 500 companies’ IT infrastructure exists outside their organization, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data, a Cyberpion research reveals. External IT infrastructure and assets at risk 73% of Fortune 500 companies’ total IT infrastructure is external to the organization, of which 24% is considered at risk or has a known vulnerability The total IT … More

lock

Execs concerned about software supply chain security, but not taking action

Venafi announced survey results highlighting the challenges of improving software supply chain security. The survey evaluated the opinions of more than 1,000 IT and development professionals, including 193 executives with responsibility for both security and software development, and revealed a glaring disconnect between executive concern and executive action. While 94% of executives believe there should be clear consequences (fines, greater legal liability for companies proven to be negligent) for software vendors that fail to protect … More

ThreatConnect 6.3 helps organizations identify and remediate threats faster

ThreatConnect released ThreatConnect 6.3, which improves the threat intelligence process by introducing six new threat intelligence group types for clearer and more intuitive data mapping for cyber threat intelligence analysts and our threat intel partnered integrations, as well as Workflow Metrics to help Security Operations Center (SOC) Directors identify whether the tools, processes, and automations in place are helping the organization identify and remediate threats faster. ThreatConnect continues to change the way security works. The … More