Search results for: vulnerability

application

Checkmarx API Security identifies shadow and zombie APIs during software development

In Las Vegas, at Black Hat USA 2022, Checkmarx has released Checkmarx API Security, the “shift-left” API security solution. Building on the launch of Checkmarx Fusion, which prioritizes and correlates vulnerability data from across different AppSec engines, Checkmarx API Security is delivered as part of the platform Checkmarx One. The developer workflow-oriented solution inventories even shadow and zombie APIs as part of the inventory and remediation solution to secure the entire API lifecycle. According to … More

email

Which malware delivery techniques are currently favored by attackers?

A wave of cybercriminals spreading malware families – including QakBot, IceID, Emotet, and RedLine Stealer – are shifting to shortcut (LNK) files for email malware delivery. Shortcuts are replacing Office macros – which are starting to be blocked by default in Office – as a way for attackers to get a foothold within networks by tricking users into infecting their PCs with malware. Keeping up with changes in the email threat landscape HP Wolf Security’s … More

SAP

Why SAP systems need to be brought into the cybersecurity fold

SAP’s status as a leading business process management software provider is undeniable. Today, the company serves over 230 million cloud users and 99 of the top 100 companies in the world with the largest cloud portfolio of any provider, comprising more than 100 solutions covering all business functions. Touching 77% of all transactions and thought to store 70% of all corporate data, SAP systems are a fundamental digital cog in the global economy. But SAP … More

security platform

ActZero Ransomware Readiness Assessment strenghtens ransomware defense for SMEs

ActZero has launched a Ransomware Readiness Assessment for small and medium-sized enterprises (SMEs). The program simulates a ransomware attack sequence, which can expose vulnerabilities and lateral pathways left open by existing tools. With this valuable visibility businesses can start reducing risk immediately. Adversaries expect small businesses to lack proper ransomware defenses. With ActZero MDR, they can now prove them wrong. Adversaries are turning up the pressure on their victims, demanding average ransoms nearing $1M, and … More

Handshake

Mirantis collaborates with Nuaware to eliminate Kubernetes complexity for developers

Mirantis has partnered with Nuaware to deliver Lens, the Kubernetes platform. Mirantis recently launched Lens Pro with features for enterprise users that simplify the developer experience working with Kubernetes – adding on-demand live support, easy setup for container image scanning and vulnerability reporting, and a built-in local Kubernetes cluster. Lens Pro is an opportunity for channel partners to realize recurring revenues through subscription-based packaging and pricing. “Nuaware can help us extend our reach to new … More

lock

Deepfence ThreatMapper 1.4 empowers organizations to visualize cloud native threat landscape

Today, at Black Hat USA 2022, Deepfence announced the 1.4 release of its open source project ThreatMapper, cloud native offering that expands attack path visualization, adds cloud security posture management, and now includes the cloud native, YARA-based malware scanner. ThreatMapper is an open platform for scanning, mapping, and ranking vulnerabilities in running pods, images, hosts, and repositories. ThreatMapper scans for known and unknown vulnerabilities, secrets, cloud misconfigurations and then puts those findings in context. With … More

fix

Cycode’s new software supply chain features identify vulnerabilities in all phases of the SDLC

Cycode has launched its software composition analysis (SCA) solution and the expansion of its platform to add static application security testing (SAST) and container scanning. Cycode’s platform makes AppSec tools better through its Knowledge Graph, which provides context of the software development lifecycle (SDLC) to improve accuracy and reduce mean-time-to-remediation (MTTR). Cycode’s capabilities have moved beyond existing solutions in terms of breadth and depth, while also providing net new capabilities, like Pipeline Composition Analysis to … More

data security

Halo Security launches attack surface management platform to protect data from external attackers

TrustedSite has launched Halo Security at Black Hat USA 2022. The company’s attack surface management platform combines external asset risk and vulnerability assessment, and penetration testing services to provide organizations complete visibility into the risk posture of their internet-exposed assets on an on-going basis. Led by experienced penetration testers, scanning leaders and reformed hackers, Halo Security brings the attacker’s perspective to the modern organization with a mission to help organizations protect data from external attackers … More

AWSGoat

AWSGoat: Easy to deploy vulnerable AWS infrastructure for pentesters

Compromising an organization’s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire infrastructure. Since the cloud is relatively new, many developers are not fully aware of the threatscape and they end up deploying a vulnerable cloud infrastructure. In this Help Net Security video, Jeswin Mathai, Chief Architect, Lab Platform at INE, showcases AWSGoat, … More

Kunal Modasiya

The challenges of managing the modern external attack surface

Qualys recently added External Attack Surface Management (EASM) capabilities to the Qualys Cloud Platform. In this interview for Help Net Security, Kunal Modasiya, VP of Product Management at Qualys, discusses how the new component, integrated into CyberSecurity Asset Management 2.0, adds the external attacker view to identify previously unknown internet-facing assets for a complete and accurate picture of the enterprise attack surface. What do the External Attack Surface Management (EASM) capabilities in the Qualys Cloud … More

tunnel

Cymulate improves risk visibility for businesses with new analytics capabilities

Cymulate announced the expansion of its Extended Security Posture Management (XSPM) Platform to include advanced insights and analytics capabilities. As businesses struggle to manage attack surfaces and validate security controls, these new data-driven capabilities significantly improve risk visibility and deliver actionable insights for reducing remediation time. Businesses also now gain enhanced levels of granularity for setting and tracking cybersecurity performance metrics and KPIs, which are required for improving cyber resilience. “­­Now, more than ever, organizations … More

magnify

Vicarius vsociety enables peer-to-peer networking and open-source collaboration on vulnerability research

Vicarius announced at the Black Hat USA 2022 conference the release of vsociety, a social community for security professionals that aims to enable peer-to-peer networking and open-source collaboration on vulnerability research. In the short time since its inception, the vsociety community has proven itself as a valuable research hub, with multiple pieces of original research published exclusively to the cybersecurity social network. Among them, a new proof-of-concept exploit targeting Google SLO-Generator, posted by anonymous user … More