Search results for: vulnerability

NFT

Are NFTs safe? 3 things you should know before you buy

NFTs, or non-fungible tokens, have captured the attention (and wallets) of consumers and businesses around the world. This is largely in part to the big price-tag sales, such as the digital artwork by Beeple that sold for over $69M on Christie’s Auction House. While discovering new and inventive ways to exchange currency is par for the course in the digital age we live in, being aware of the security risks associated and taking actions necessary … More

Red Piranha

Crystal Eye XDR: Protect, detect and respond to threats from a single unified platform

In this interview with Help Net Security, Adam Bennett, CEO at Red Piranha, discusses Extended Detection and Response and their flagship product – Crystal Eye XDR. We’ve been hearing a lot about XDR in the past year. What is it, and what security issues does it address? Extended Detection and Response (XDR) is an integrated security protection, threat detection and incident response platform. Comprehensive security is provided from an automated, singular unified platform of integrated … More

cloud

Cloud native adoption increasing security concerns

Cloud native adoption has both transformed the way organizations build modern applications and resulted in increased security threats and concerns, according to a research by Snyk. Most notably, the report found that: More than half of companies surveyed experienced a security incident due to misconfiguration or a known vulnerability in their cloud native applications Developers are three times more likely to view security as their responsibility versus their security peers and, Deploying automation makes it … More

Accurics open source project Terrascan integrates with the Argo Project to enhance cloud security

Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code (IaC), now integrates with the Argo Project. This integration, coupled with the new Terrascan admission controller feature to enforce CNCF’s Open Policy Agent policies across the software development lifecycle, significantly enhances cloud security as developers adopt a GitOps approach. Argo, an open source GitOps engine for Kubernetes, synchronizes Kubernetes clusters, making it easier to … More

Exim

21 vulnerabilities found in Exim, update your instances ASAP!

A code audit of Exim, a widely used mail transfer agent, has revealed 21 previously unknown vulnerabilities, some of which can be chained together to achieve unauthenticated remote code execution on the Exim Server. They have all been fixed in Exim v4.94.2, and the software maintainers advise users to update their instances as soon as possible, as all versions of Exim previous to version 4.94.2 are now obsolete. “Several distros will provide updated packages: Just … More

Hand

Is it OK to publish PoC exploits for vulnerabilities and patches?

In the wake of the Microsoft Exchange ProxyLogon zero-day and F5 BIG-IP security exploits earlier this year, many are questioning if and when should researchers publish proof of concepts for vulnerabilities and associated patches. Hafnium hackers were able to identify three MS Exchange vulnerabilities, including one (ProxyLogon) that enabled them to perform a server-side request forgery that allowed them to obtain admin access by sending a crafted web request. Volexity identified this exploit in early … More

thief

Defeating typosquatters: Staying ahead of phishing and digital fraud

It has become a mantra for businesses targeted by hackers to describe the incident as a “sophisticated cyber-attack”. Although true in some instances, the reality is that most cyber-attacks involve the use of easily preventable tactics including phishing, business email compromise, social engineering, and out-of-date software. Email phishing scams typically rely on diverting unsuspecting people to sites that look legitimate. This requires criminals to set up a domain that impersonates a site that is of … More

ThreatQuotient launches ThreatQ TDR Orchestrator to accelerate detection and response

ThreatQuotient announced ThreatQ TDR Orchestrator, a new data-driven automation capability for more efficient and effective threat detection and response. This capability enables users to control what actions are to be taken, when, and why through the use of data. “The security industry’s approach to automation has overlooked the vastly different needs of detection and response use cases,” said Leon Ward, VP of Product Management, ThreatQuotient. The focus of ThreatQ TDR Orchestrator is data, not process. … More

DigiCert Smart Seal improves consumer trust in websites

DigiCert announced the DigiCert Smart Seal, a new dynamic site seal that gives website visitors confidence that their information is secure on the web. Real-time security indicators enabled through various microinteractions alert visitors that the seal is actively present on the page, the site has been validated, and the site is protected by an active certificate from the world’s most trusted certificate authority. When site visitors roll over the DigiCert Smart Seal, they see the … More

Apple

Apple fixes four zero-days under attack

A week after Apple patched a macOS zero-day exploited by Shlayer malware for months for months, the company has released new security updates for macOS, iOS, iPadOS and watch OS that plug four additional zero-days that “may have been actively exploited”. The fixed Apple zero-days macOS Big Sur 11.3.1, iOS 14.5.1 and iPadOS 14.5.1 fix: CVE-2021-30665 – a memory corruption issue in WebKit that could lead to arbitrary code execution when a user views (i.e., … More

Secure your cloud: Remove the human vulnerabilities

Training to increase employees’ security awareness and change risky behaviours among end users is important, particularly as the future workplace will be hybrid and many professionals will still be working remotely. After all, you don’t want your employees to be the “soft underbelly” that hackers, criminals, or other bad actors can easily target. While end user education and awareness plays a crucial role, this is only a partial defense. There’s another group of people that … More

code

Risk-based vulnerability management has produced demonstrable results

Several years ago, risk-based cybersecurity was a largely untested and hotly debated topic. But the tests have since been administered and the debate largely settled: risk-based cybersecurity produces proven results. The data shows that risk-based vulnerability management (RBVM) programs allow companies to get measurably better results with less work. Extrapolating from there, it’s possible to make a broad case that risk-based programs are a necessary component of enterprise cybersecurity. It wasn’t always easy to make … More