Search results for: vulnerability

Handshake

Peer Software partners with Pulsar Security to help enterprise customers combat ransomware attacks

Peer Software announced the formation of a strategic alliance with Pulsar Security. Through the alliance, Peer Software will leverage Pulsar Security’s team of cyber security experts to continuously monitor and analyze emerging and evolving ransomware and malware attack patterns on unstructured data. PeerGFS, an enterprise-class software solution that eases the deployment of a modern distributed file system across multi-site, on-premises and cloud storage, will utilize these attack patterns to enable an additional layer of cyber … More

Dawn Cappelli

OT security: Helping under-resourced critical infrastructure organizations

In this Help Net Security interview, Dawn Cappelli, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical infrastructure organizations are facing, offers advice on how they can overcome obstacles that prevent them improving their cybersecurity posture, and explains how the recently set up OT-CERT she’s heading can help asset owners and operators of industrial infrastructure. [The answers have been lightly edited for clarity] Supply chain risks are compounded … More

week in review

Week in review: Log4Shell exploitation, DevSecOps myths, 56 vulnerabilities impacting OT devices

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: QNAP NAS devices hit by DeadBolt and ech0raix ransomware Taiwan-based QNAP Systems is warning consumers and organizations using their network-attached storage (NAS) appliances of a new DeadBolt ransomware campaign. Fake voicemail notifications are after Office365, Outlook credentials A phishing campaign using fake voicemail notifications has been and is still targeting various US-based organizations, in an attempt to grab employees’ Office365 … More

vmware

Attackers still exploit Log4Shell on VMware Horizon servers, CISA warns

If your organization is running VMware Horizon and Unified Access Gateway servers and you haven’t implemented the patches or workarounds to fix/mitigate the Log4Shell vulnerability (CVE-2021-44228) in December 2021, you should threat all those systems as compromised, the Cybersecurity and Infrastructure Security Agency (CISA) has advised on Thursday. The agency accompanied the warning with detailed technical information and indicators of compromised related to two separate incident response engagements they and the United States Coast Guard … More

New infosec products of the week: June 24, 2022

Here’s a look at the most interesting products from the past week, featuring releases from Arcserve, Cavelo, ComplyCube, CompoSecure, and Hillstone Networks. Arcserve N Series appliances allow organizations to protect their digital assets Arcserve N Series hyper-converged data protection appliances combine orchestrated recovery using Arcserve UDP, the flexible scale-out design of Nutanix, and ransomware protection of the backup system with Sophos Intercept X Advanced cybersecurity. ComplyCube’s face authentication combats fake signups and synthetic identities ComplyCube’s … More

Handshake

Bugcrowd partners with SocialProof Security to protect clients against social engineering attacks

Bugcrowd announced a strategic reseller partnership with SocialProof Security, furthering the company’s mission to keep customers a step ahead of evolving cyber threats. As part of the partnership, Bugcrowd will resell SocialProof Security’s services, including social engineering prevention training, protocol and practitioner workshops, and penetration testing. In addition to reselling social engineering services, Bugcrowd continues to innovate and invest in its award-winning Security Knowledge Platform with the most comprehensive suite of security solutions including bug … More

Money

Binarly raises $3.6 million to speed up research and development initiatives

Binarly announced $3.6 million in seed funding from WestWave Capital and Acrobator Ventures. Prominent cybersecurity leaders Michael Sutton, Thomas ‘Halvar Flake’ Dullien, Jamie Butler, Ryan Permeh, Bryson Bort, Pedram Amini, Chris Ueland and David Mandel from Emerging Ventures also joined as investors. Binarly is co-founded by security pioneers Alex Matrosov and Claudiu Teodorescu, who previously worked on hardware and software security at NVIDIA, Intel, ESET, BlackBerry, Cylance and FireEye. Matrosov, a highly regarded researcher who … More

security platform

KSOC releases remediation-as-code response feature for Kubernetes users

KSOC launched a remediation-as-code response option for its Kubernetes Detection and Response offering. The Remediation-as-code feature will provide a suggested remediation for a security finding, removing the burden placed on security engineers and application developers to implement an actionable fix to a security vulnerability. KSOC is the first organization in the market to offer this type of remediation response option for Kubernetes security vulnerabilities. Enterprises are relying more heavily on Kubernetes, yet there is a … More

security platform

CyberStrong 3.20 empowers customers to automate the assessment process

CyberSaint released CyberStrong version 3.20, providing customers with the ability to further automate the assessment process via continuous control automation with Tenable and Microsoft Azure Security Center integrations. “CyberSaint’s continuous control automation functionality changes the way that security and risk teams perform assessments, and ultimately, manage cyber risk,” said Jerry Layden, CEO of CyberSaint. “Being first-to-market with this technology is exciting for us, and positions us to redefine the cyber and IT risk management market … More

security platform

Cavelo unveils platform enhancements to minimize data exposure for midsized businesses

Cavelo announced the release of digital asset discovery, tracking, data access, vulnerability and risk reporting enhancements to help businesses discover sensitive data, minimize data exposure and support attack surface management initiatives. IT and security teams use a combination of processes and technologies to track digital assets (including hardware, software, cloud and sensitive data), and understand their business’s internal and external attack surface. However, legacy and disparate technologies can create data silos that limit visibility to … More

security platform

Menlo Security HEAT Security Assessment Toolkit provides insight into current exposure to HEAT attacks

Menlo Security has released the HEAT Security Assessment Toolkit designed to provide organizations with the ability to assess their levels of protection and current exposure to Highly Evasive Adaptive Threats (HEAT). Since July 2021, Menlo Security has seen a 224% increase in HEAT attacks. These attacks allow threat actors to deliver malicious content, including ransomware, to the endpoint by adapting to the targeted environment. The HEAT Security Assessment Toolkit includes a HEAT Check test and … More

OT ICEFALL

Researchers disclose 56 vulnerabilities impacting thousands of OT devices

Forescout’s Vedere Labs disclosed OT:ICEFALL, 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors. This is one of the single largest vulnerability disclosures that impact OT devices and directly addresses insecure-by-design vulnerabilities. In this video for Help Net Security, Daniel dos Santos, Head of Security Research, Forescout, talks about the 56 vulnerabilities, which impact ten vendors, including Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa. Devices affected by OT:ICEFALL Bently … More