Search results for: vulnerability

Tufin releases Vulnerability-Based Change Automation App

Tufin released the Vulnerability-Based Change Automation App (VCA). The new app expands Tufin’s vulnerability management capabilities with automated vulnerability checks prior to approving network access changes. When combined with the Vulnerability Mitigation App (VMA), Tufin delivers a vulnerability management solution that allows customers to maintain additional control over their attack surface when making network changes. One of the challenges network teams face when setting a new security rule or enabling connectivity is ensuring that access … More

week in review

Week in review: Exchange Servers under attack, disinformation economics, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news and articles: How do I select a cloud security solution for my business? To select a suitable cloud security solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic. Critical flaw in Rockwell PLCs allows attackers to fiddle with them (CVE-2021-22681) A critical, easy to exploit vulnerability (CVE-2021-22681) … More

CrowdStrike Falcon platform enhancements improve SOC efficiency

CrowdStrike announced enhancements to the CrowdStrike Falcon platform that significantly improve Security Operations Center (SOC) efficiency and effectiveness, allowing security teams to focus on critical priorities and fortify their organizations’ proactive stance against cyber threats. CrowdStrike customers can accelerate their security operational response with new notification workflows and Real Time Response (RTR) capabilities within the CrowdStrike Falcon platform, automating full-cycle incident response. These advancements are complemented by new user interface (UI) enhancements that let analysts … More

SIRP’s SOAR platform helps organizations reduce incident response time

SIRP announced the launch of its SOAR-as-a-Service offering. The cloud-based model provides a fast, flexible solution for enterprises and MSSPs who can access its single, centralised interface to gain valuable intelligence and context on threats, reducing incident response times from hours to minutes. SIRP’s SOAR platform is designed to help organizations struggling with a growing number of security alerts by helping teams decide where incident responders should focus their activity. Its risk-based approach uses machine … More

building

Security starts with architecture

The battle against hackers and threats is an arms race against highly motivated opponents, and with the number of attacks and threats continually growing, it’s impossible to achieve security by simply patching up a broken architecture with single, niche tools. The way security groups are typically structured to defend against and respond to threats is similarly flawed. There is an invariable disconnect between where and how security policies are framed, security is enforced, and security … More

dark

Cybercriminals innovate to find vulnerabilities that can be monetized

The global pandemic had a dramatic influence on the cybersecurity landscape in 2020. Cymulate, released its report on the 2020 security landscape and its impact on security teams. Top threats Highlights include: A significant uplift in awareness of phishing attacks across all industries as employees improved their high risk score from 66.3 in 2019 to a new low of 18.1 in 2020. (on a scale of 0-100) Overall unique threats in the wild increased two … More

Onapsis Platform for SAP SuccessFactors ensures security and compliance in the intelligent enterprise

Onapsis announced the general availability of support for SAP SuccessFactors in The Onapsis Platform. The new support enables customers to quickly discover, assess, prioritize, and eliminate SAP SuccessFactors’ misconfigurations, vulnerabilities and authorization issues that can put sensitive data and processes at risk while also potentially impacting the interconnected enterprise. SAP SuccessFactors is a leader in the cloud human capital management software market, with more than 400 enterprises going live with the solution in the first … More

Microsoft Exchange

Exchange Servers targeted via zero-day exploits, have yours been hit?

Microsoft has released out-of-band security updates for seven bugs affecting Microsoft Exchange Servers, four of which are zero-day vulnerabilities being exploited by attackers in the wild to plunder on-premises machines. According to Volexity, the attacks have been going on for nearly two months, possibly even longer. Our team has been tirelessly working several intrusions since January involving multiple 0-day exploits in Microsoft Exchange. We've released the details of this threat activity alongside Microsoft's Out of … More

Amazon Alexa

Alexa Skills: Security gaps and data protection problems

With the voice commands “Alexa Skills,” users can load numerous extra functions onto their Amazon voice assistant. Amazon screens special voice assistant functions for security. However, scammers can circumvent this check. These Skills can often have security gaps and data protection problems, as a team of researchers from the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum (RUB) and North Carolina State University discovered, together with a former PhD student who started to work … More

Axonius raises $100M to expand, innovate, and fuel market growth

Axonius announced it has raised $100 million in Series D funding, led by Stripes, a leading New York-based growth equity firm, as well as participation from existing investors Bessemer Venture Partners (BVP), OpenView, Lightspeed, and Vertex. Ken Fox, founder and partner at Stripes, will join the Axonius board of directors. This latest round follows a 2020 investment of $58 million, increasing total funding to $195 million at a greater than $1 billion valuation. “It’s always … More

industrial

Critical flaw in Rockwell PLCs allows attackers to fiddle with them (CVE-2021-22681)

A critical, easy to exploit vulnerability (CVE-2021-22681) may allow attackers to remotely connect to a number of Rockwell Automation’s programmable logic controllers (PLCs) and to install new (malicious) firmware, alter the device’s configuration, and so on. Due to these factors the vulnerability has received the maximum CVSS v3 severity score – 10.0. About the vulnerability (CVE-2021-22681) Rockwell Automation’s PLCs are used around the world to control industrial equipment. The flaw may allow an attacker to … More

cloud

How do I select a cloud security solution for my business?

Attackers increasingly strive to leverage cloud weaknesses that enable them to deliver malware to end users, gain unauthorized access to production environments or their data, or completely compromise a target environment. This strategy is known as a watering hole attack, and researchers have seen them emerge in cloud environments where they can cause even more damage. To select a suitable cloud security solution for your business, you need to think about a variety of factors. … More