Search results for: vulnerability

ThreatMapper

ThreatMapper: Open source platform for scanning runtime environments

Deepfence announced open source availability of ThreatMapper, a signature offering that automatically scans, maps and ranks application vulnerabilities across serverless, Kubernetes, container and multi-cloud environments. Scanning runtime environments ThreatMapper is an open source platform for scanning runtime environments for software supply chain vulnerabilities and contextualizing threats to help organizations determine which to address and when. Taking threat feeds from more than 50 different sources, the comprehensive suite of ThreatMapper capabilities and features are available on … More

backup

Storage systems vulnerabilities: Act now to avoid disasters

Continuity issued a research report which provided an analysis of the vulnerabilities and misconfigurations of enterprise storage systems. The findings revealed that storage systems have a significantly weaker security posture than the other two layers of IT infrastructure: compute or network. These findings are alarming given the fact that, unlike an attack on individual endpoints or servers, which can cause problems, an attack that targets storage systems can be truly devastating. A compromise of a … More

Money

Shift5 raises $20M to secure commercial and military transportation fleet systems

Shift5 raised $20 million in Series A funding to provide enhanced cybersecurity and operational intelligence for today’s commercial fleet operators and military platforms. The round was led by 645 Ventures, with participation from Squadra Ventures, General Advance, and First In. Operational technology underpins critical infrastructure, enabling it to run continuously and reliably. Transportation fleets — aircrafts, railways, military vehicles — rely on OT to move millions of people, power the supply chain, and defend national … More

target

List of IT assets an attacker is most likely to target for exploitation

Randori released a report that identifies the most tempting IT assets that an attacker is likely to target and exploit. Leading up to the anniversary of the Solarwinds hack, and after a very tumultuous year in cybersecurity—especially with ransomware and supply chain attacks—the report wanted to understand the ongoing prevalence of internet-facing assets that contribute to these attacks. Top temptation trends One in 15 organizations currently runs a version of SolarWinds that is known to … More

bomb

Is the government’s response to cybersecurity threats enough for your organization?

With this year’s attacks against Colonial Pipeline and Kaseya, ransomware and its impact on infrastructure have been pushed to the forefront of American political consciousness. These cyber attacks brought pain to the public, driving a response from the White House. The response was followed more recently by memoranda from NIST and the Office of Management and Budget (OMB) clarifying definitions, procedures, and timeframes for the national security effort. Cybersecurity teams must not mistake following this … More

Patch Tuesday

Microsoft patches actively exploited Windows zero-day (CVE-2021-40449)

On October 2021 Patch Tuesday, Microsoft has fixed 71 CVE-numbered vulnerabilities. Of those, only one was a zero-day exploited in attacks in the wild (CVE-2021-40449) and three were publicly known before the release of the patches. Vulnerabilities of note Let’s start with CVE-2021-40449, a Windows bug that may be used to escalate privileges on an already compromised system. Its exploitation was detected and flagged by Boris Larin, a zero-day exploits hunter with Kaspersky. According to … More

zero

Apple fixes iOS zero-day exploited in the wild (CVE-2021-30883)

With the newest iOS and iPad updates, Apple has fixed another vulnerability (CVE-2021-30883) that is being actively exploited by attackers. About CVE-2021-30883 CVE-2021-30883 is a memory corruption issue in IOMobileFrameBuffer, a kernel extension for managing the screen framebuffer. The vulnerability may be exploited by an application to execute arbitrary code with kernel privileges, Apple explained. As per usual, Apple did not share more details about the flaw or the attack(s) exploiting it, and the researcher … More

Apache OpenOffice

Apache OpenOffice users should upgrade to newest security release!

The Apache Software Foundation (ASF) has released Apache OpenOffice 4.1.11, which fixes a handful of security vulnerabilities, including CVE-2021-33035, a recently revealed RCE vulnerability that could be triggered via a specially crafted document. About Apache OpenOffice Apache OpenOffice is an open-source office productivity suite that includes a word processor (Writer), a spreadsheet tool (Calc), a presentation editor (Impress), a vector graphics drawing editor (Draw), a mathematical formula editor (Math), and a database management program (Base). … More

AWS

AWS ransomware attacks: Not a question of if, but when

Ermetic announced the results of a study about the security posture of AWS environments and their vulnerability to ransomware attacks. In virtually all of the participating organizations, identities were found that, if compromised, would place at least 90% of the S3 buckets in an AWS account at risk. As more and more data moves to the cloud, platforms like AWS are becoming an attractive target for ransomware operators. While Amazon S3 is considered extremely reliable, … More

code

Strengthening firmware security with hardware RoT

Hackers are growing smarter and more sophisticated in their attempts to avoid detection. With IT security and visibility efforts still largely focused higher in the stack at the application layer, bad actors are seeking to breach systems further down the stack at the firmware level. Once inside the firmware, hackers can disable remote firmware updates, making it impossible to fix remotely and thus requiring the service of a technician with physical access to the hardware/firmware, … More

week in review

Week in review: Electronic warfare, cybersecurity career plan, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and interviews: October 2021 Patch Tuesday forecast: Halloween came early this year Halloween is not until the end of the month, but there has already been a lot of scary activity leading up to this patch Tuesday. PrintNightmare and Apple zero-days are just a few that have made the news. Security and trust in software remains top priority for buyers Faster decision making, … More

Software

Sontiq Digital Safety and Security features help families tackle identity crimes and cyberthreats

With the ongoing vulnerability of families succumbing to the exponential volume and velocity of identity crimes and cyberthreats, Sontiq announced an exclusive set of Digital Safety and Security features. These new features will be included in Sontiq’s Identity Theft Protection plans for families, including those under the IdentityForce product brand. With more than 1 million children having their identity stolen each year, identity and child safety experts agree that protecting the information of all family … More