Search results for: vulnerability

password

Proper password security falling short despite increase in online presence

While 92 percent of people know that using the same password or a variation is a risk, 65 percent still re-use passwords across accounts, drastically increasing the risks to their sensitive information, a LastPass report revealed. While consumers have a solid understanding of proper password security and the actions necessary to minimize risk, they still pick and choose which information they apply that knowledge to, according to the report. Spending more time online, yet lacking … More

business

Corporate attack surface exploding as a result of remote work

74% of organizations attribute recent business-impacting cyberattacks to vulnerabilities in technology put in place during the pandemic. The data is drawn from a study of more than 1,300 security leaders, business executives and remote employees conducted by Forrester Consulting. From cloud services and applications to personal devices and remote access tools, the corporate attack surface exploded in record time. Difficulty managing the plethora of technologies has made enterprises more vulnerable and propelled cyberattacks. Moreover, 80% … More

5G

APAC 5G revenue to reach $13.9 billion in 2025

Though in early stages, 5G will be adopted considerably faster than 4G based on the current rate experienced in China and South Korea. However, even with faster adoption rates of 5G, 4G will remain the more prevalent cellular technology through 2025. The APAC revenue from 5G is expected to grow from $2.13 billion in 2020 to $13.9 billion in 2025, a CAGR of 45.5% from 2020 to 2025, according to ResearchAndMarkets. What is driving … More

week in review

Week in review: How to retain best cybersecurity talent, securing Kubernetes, data decay

Here’s an overview of some of last week’s most interesting news, articles and interviews:

A new zero-day is being exploited to compromise Macs (CVE-2021-30869)
Another zero-day in Apple’s software (CVE-2021-30869) is being actively exploited by attackers, forcing the company to push out security updates for macOS Catalina and iOS 12.

Plug critical VMware vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005)
VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud … More

Apple

A new zero-day is being exploited to compromise Macs (CVE-2021-30869)

Another zero-day in Apple’s software (CVE-2021-30869) is being actively exploited by attackers, forcing the company to push out security updates for macOS Catalina and iOS 12.

About CVE-2021-30869
Flagged by researchers Erye Hernandez and Clément Lecigne of Google’s Threat Analysis Group and Ian Beer of Google Project Zero, the vulnerability is a type confusion issue found in XNU, the kernel of Apple’s macOS and iOS operating systems. As usual, Apple did not share any details … More

Daniel Clayton

Automation is not here to close the cybersecurity skills shortage gap, but it can help

In this interview with Help Net Security, Daniel Clayton, VP Global Security Services and Support at Bitdefender, talks about the cybersecurity skills shortage gap and the role of automation in improving the work of cybersecurity professionals.

It is crucial for all organizations nowadays to invest in their SOC team to enhance their security posture. How widespread is this realization among enterprises?

I think the realization is relatively widespread today. High profile attacks over the last … More

Nutanix Cloud Platform improves support for mission-critical workloads with AOS 6 software

Nutanix announced new features in the Nutanix Cloud Platform, including the launch of AOS version 6 software, to help enterprises build modern, software-defined data centers and speed their hybrid multicloud deployments. Through these new features, enterprises will get built-in virtual networking, enhanced disaster recovery, and zero-trust security that otherwise would require additional specialized hardware, software, and skills. Most importantly, due to the integrated nature of the Nutanix Cloud Platform, all functionality is managed through a … More

Exein raises €6M to fuel the company’s planned architectural product expansion

Exein announced it has completed a €6 million Series A funding round. The investment is co-led by Future Industry Ventures (FIV), a fund initiated by Redstone and SBI Group dedicated to future industrial systems, and eCAPITAL Entrepreneurial Partners, a German independent VC firm focusing on early-stage DeepTech investments. The round also saw participation from existing investor United Ventures, an Italian venture capital firm specializing in digital technology investments. As the number of embedded, connected devices … More

HackerOne updates Internet Bug Bounty program to improve the security of open source software

HackerOne announced the next evolution of the Internet Bug Bounty (IBB) program at the company’s annual Security conference. The IBB’s mission is to secure open source by pooling funding and incentivizing security researchers to report vulnerabilities within open source software. The updated program builds upon this mission by providing a new pooled funding model so more organizations can leverage the IBB to secure open source dependencies within their software supply chains. Along with HackerOne, participating … More

Apache OpenOffice

A malicious document could lead to RCE in Apache OpenOffice (CVE-2021-33035)

Apache OpenOffice, one of the most popular open-source office productivity software suites, sports an RCE vulnerability (CVE-2021-33035) that could be triggered via a specially crafted document. The vulnerability has been fixed in the software’s source code, but there is no official software version with the fix (though test build installers are available).

About CVE-2021-33035
CVE-2021-33035 was discovered by researcher Eugene Lim via fuzzing and source code review of Apache OpenOffice. He started fuzzing a specific … More

VMware

Plug critical VMware vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005)

VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation, the most critical of which is CVE-2021-22005. “This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server,” the company noted. “The ramifications of this vulnerability are serious and it is a matter of time – likely minutes after the disclosure – before working exploits are publicly … More

healthcare

We cannot afford for healthcare security to be the “lowest-hanging fruit”

Healthcare organizations have never been more essential. Yet when it comes to cybersecurity, too many hospitals, medical groups and research centers lag far behind other critical industries. While it is easy to blame this security deficiency on a persistent lack of investment, technology is not the only problem. A chronic dearth of cybersecurity expertise has left far too many healthcare organizations vulnerable to another type of virus: marketing. These chronic security deficiencies leave too many … More