Search results for: vulnerability
CodeSec CodeSec is a CLI based tool which brings Contrast’s enterprise-level security testing right to your laptop. It allows you to run real-time SAST or Serverless scans and receive actionable results in a matter of minutes. Defendify Essentials Package Assess your cyber risk, test your network, and improve awareness with essential tools from Defendify: Cybersecurity assessments: Assess your cyber strengths, weaknesses, and opportunities for improvement. Vulnerability scanning: Identify and prioritize vulnerabilities in your organization’s external … More →
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google seeks to make Cobalt Strike useless to attackers Google Cloud’s intelligence research and applications team has created and released a collection of 165 YARA rules to help defenders flag Cobalt Strike components deployed by attackers. Fake subscription invoices lead to corporate data theft and extortion A threat actor dubbed Luna Moth has been leveraging social engineering and legitimate software … More →
A vulnerability in popular remote access service/platform ConnectWise Control could have been leveraged by scammers to make compromising targets’ computers easier, Guardio researchers have discovered. By abusing the fully-featured 14-day trial option for that hosted cloud service, scammers are already taking advantage of the platform at no cost, but the vulnerability could have allowed them to remove an alert that can break the illusion the scammers are trying to create. What is ConnectWise Control? ConnectWise … More →
For most organizations today, the threat surface is broad and getting broader. There are the obvious concerns like the user base, remote or BYOD computing, on-premises infrastructure, and cloud, SaaS, and virtual environments. But as companies and supply chains become more intertwined, CISOs need to look harder at off-prem and outsourced resources, or overseas suppliers and assets. The associated risk management programs are also constantly evolving, and that’s likely due to outside influences such as … More →
Perception Point announced the publication of a report, “The Rise of Cyber Threats Against Email, Browsers and Emerging Cloud-Based Channels“, which evaluates the responses of security and IT decision-makers at large enterprises and reveals numerous significant findings about today’s enterprise threat landscape. One key takeaway is that organizations are paying a hefty $1,197 per employee each year to address successful cyber incidents across email services, cloud collaboration apps or services, and web browsers, meaning that … More →
Modern environments have become more dynamic and the need for equally progressive asset discovery techniques has intensified. The new Cybersecurity and Infrastructure Security Agency (CISA) Binding Operational Directive (BOD) 23-01 recognizes this fact. What is BOD 23-01? While it is only binding for US federal civilian agencies, the directive emphasizes the foundational asset discovery and intelligence capabilities all organizations must possess to be prepared for modern threats. Without the critical insight these capabilities provide, the … More →
The Cybersecurity and Infrastructure Security Agency (CISA) is an agency of the United States Department of Homeland Security. CISA is in charge of enhancing cybersecurity and infrastructure protection at all levels of government, coordinating cybersecurity initiatives with American U.S. states, and enhancing defenses against cyberattacks. To assist businesses in enhancing their security capabilities, CISA offers free cybersecurity products and services. Cyber Hygiene Vulnerability Scanning You can register for this service by emailing vulnerability@cisa.dhs.gov. Scanning will start … More →
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: As trust in online spaces degrades, Canada bolsters resilience against cyber attacks In this Help Net Security interview, Sami Khoury, Head of the Canadian Centre for Cyber Security, talks about how Canada is addressing today’s top threats, touches upon his long career and offers tips for those new to the industry. Russian hacktivists hit Ukrainian orgs with ransomware – but … More →
Tufin releases Tufin Enterprise, which includes Tufin’s popular SecureCloud SaaS solution. The new release delivers a reimagined cloud-native security policy management console and a new integration with Microsoft Defender for Cloud. “We’ve worked closely with our customers to deliver more granular and flexible connectivity control in the cloud,” said Erez Tadmor, Director of Cloud Products at Tufin. “Tufin is the only agentless, multi-cloud solution that enables large and complex organizations to manage a hybrid-cloud security … More →
Cyera integrate with Wiz to provide prioritized attack surface minimization and automated remediation based on sensitive data exposure. Cyera leverages its Data Security Graph to help security teams quickly understand the blast radius that an active security threat or vulnerability represents, and how to respond to remediate the issue. “Wiz introduced a new approach to cloud security that enables organizations to embrace the cloud while reducing risk,” said Assaf Rappaport, CEO of Wiz. “Partnering with … More →
SecuriThings has strengthened its partnership with Axis Communications (Axis) to simplify and improve the operational management of physical security infrastructure. By introducing a deeper integration between Axis devices and the SecuriThings Horizon solution, the partnership helps customers gain end-to-end visibility and control — not only of their physical security devices, but also of these devices’ management systems and network dependencies. As a result, Axis and SecuriThings can better serve customers and allow systems integrators to … More →
For good reason, companies trust in encryption, blockchain, zero trust access, distributed or multi-party strategies, and other core technologies. At the same time, companies are effectively hiding the keys that could undermine all these protections under a (figurative) doormat. Strong encryption is of little use when an insider or attacker can gain control of the private keys that protect it. This vulnerability exists when keys need to be executed on servers for processing. Encryption can … More →
