Search results for: vulnerability

Panaseer unveils cyber measurement guidance to help avoid incidents

Panaseer announces guidance on best practice cybersecurity measurements to help avoid incidents. Currently, there is limited industry guidance around the most important metrics to evaluate, and how to standardise calculations and policies as part of a high-quality security metrics programme. With the right metrics, organizations improve visibility into and raise their security posture, helping to limit exposure to successful attacks, such as ransomware, or vulnerabilities including FireEye or SolarWinds. Among highly regulated, global organizations, Panaseer … More

Most mobile finance apps vulnerable to data breaches

77% of financial apps have at least one serious vulnerability that could lead to a data breach, an Intertrust report reveals. This report comes at a time where finance mobile app usage has rapidly accelerated, with the number of user sessions in finance apps increasing by up to 49% over the first half of 2020. Over the same period, cyberattacks against financial institutions rose by 118%, according to VMware. The study’s overall findings suggest that … More

CISA selects Bugcrowd and EnDyna to launch its VDP platform

The Cybersecurity and Infrastructure Security Agency (CISA), a federal agency of the US government, has selected Bugcrowd to launch its first federal civilian enterprise-wide crowdsourced vulnerability disclosure policy (VDP) platform in support of Binding Operational Directive (BOD) 20-01. CISA, through the Cybersecurity Quality Services Management Office, is partnering with Bugcrowd and EnDyna – a government contractor that provides technology-based solutions. CISA will offer this VDP platform service to Federal Civilian Executive Branch (FCEB) agencies which … More

Brinqa raises $110M to accelerate adoption of risk-based cybersecurity

Brinqa announced that it has received $110 million in growth capital from leading global venture capital and private equity firm Insight Partners. Bootstrapped and founder-backed since 2009, Brinqa is receiving its first institutional investment for continued business scaling and market expansion. This capital infusion better positions Brinqa to satisfy the increasing demand to address security challenges with seamlessly integrated, highly automated, and risk-based cybersecurity programs. “Brinqa is a rare example of a bootstrapped cybersecurity company … More

June 2021 Patch Tuesday: Microsoft fixes six actively exploited zero-days

On this June 2021 Patch Tuesday: Microsoft has fixed 50 security vulnerabilities, six of which are actively exploited zero-days; Adobe has delivered security updates for Acrobat and Reader, After Effects, Photoshop, and other products; Intel has patched a flurry of flaws in various solutions, though none are critical; SAP has released 17 security notes and updated 2. Microsoft’s updates: On this June 2021 Patch Tuesday, Microsoft has splatted 5 critical and 45 important bugs. Three … More

Reformulating the cyber skills gap

Despite a positive (and significant) decrease from over 4 million unfilled cybersecurity jobs in 2019, there is still a staggering 3.12 million global shortage of workers with cybersecurity skills. You may find this somewhat inevitable, given that IT innovation changes things so quickly and business will always, as a result, be playing catch up. However, I argue that we have the tools to tackle the gap and might have done so already were it not … More

Application security approaches broken by rising adoption of cloud-native architectures

The rising adoption of cloud-native architectures, DevOps, and agile methodologies has broken traditional approaches to application security, a survey of 700 CISOs by Coleman Parkes reveals. As organizations shift more responsibility “left” to developers to accelerate innovation, increasingly complex IT ecosystems and outdated security tooling can slow releases by leaving blind spots and forcing teams to manually triage countless alerts, many of which are false positives reflecting vulnerabilities in libraries that are not used in … More

Biden’s plan for strengthening US cybersecurity is too soft

As a security professional, I applaud President Biden’s Executive Order on Improving the Nation’s Cybersecurity. Cyberattacks are growing greater in scope and number and have a direct impact on us. From our gas and water supply to the most recent attack on the world’s largest meat supplier, cyberterrorism is becoming a national security threat. So, it’s about time we treat it like one. Biden’s plan is a good first step but is missing a critical … More

New Google tool reveals dependencies for open source projects

Google has been working on a new, experimental tool to help developers discover the dependencies of the open source packages/libraries they use and known security vulnerabilities they are currently sporting. Open Source Insights: Open Source Insights is a Google Cloud Platform-hosted tool that’s accessible via a website into which users can enter the name of specific open source packages and get an overview of how they are put together. It shows: Information about the package … More

How do I select a unified endpoint management solution for my business?

Having an appropriate unified endpoint management (UEM) solution is important nowadays, not only because of the growing number of devices every organization has in its network, but also because of a surge in cybersecurity threats that are making them increasingly vulnerable. To select a suitable UEM solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic. Kristin Hazlewood, VP … More

IT service desks lacking user verification policy, putting businesses at risk

48% of organizations don’t have a user verification policy in place for incoming calls to IT service desks, according to Specops Software. The information was uncovered as part of a survey of more than 200 IT leaders from the private and public sectors in North America and Europe. In addition, the survey found that 28% of the companies that actually do have a user verification policy in place are not satisfied with their current policy … More

Week in review: Kali Linux 2021.2, the human cost of understaffed SOCs, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and interviews: Kali Linux 2021.2 released: Kaboxer, Kali-Tweaks, new tools, and more! Offensive Security has released Kali Linux 2021.2, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it. June 2021 Patch Tuesday forecast: Patch management is back in the spotlight. Every day you look in the security news, there are reports of new … More