Search results for: vulnerability
Skybox Security appoints Mordecai Rosen as Chief Executive Officer and closes $50 million in financing from CVC Growth Funds, Pantheon, and J.P. Morgan. Mr. Rosen is a seasoned security technology executive with over 25 years of experience and will focus on driving company growth and accelerating the adoption of the Software-as-a-Service (SaaS) solution for Security Policy and Vulnerability Management. “CVC is incredibly pleased to bring on Mo as the new CEO of Skybox and to … More →
According to the latest data, the number of ESXiArgs ransomware victims has surpassed 3,800, and CISA has published a recovery script for victim organizations. Fixing the mess The attacks started late last week and are still ongoing. Investigations point to a new family of ransomware dubbed ESXiArgs by the researchers – though, according to Paul Ducklin, Sophos Head of Technology for the Asia Pacific region, it should be just Args, as it’s a Linux program … More →
If there’s one thing people will remember about AI advances in 2022, it’ll be the advent of sophisticated generative models: DALL.E 2, Stable Diffusion, Midjourney, ChatGPT. They all made headlines – and they will change the way we work and live. Generative models will be integrated into the software we use every day. Sometime soon, we’ll be able to ask our email client to write a reply, ask our presentation software to generate an image … More →
Too many online store administrators are storing private backups in public folders and exposing database passwords, secret API keys, administrator URLs and customer data to attackers who know where to look. “Exposed secrets have been used to gain control of stores, extort merchants and intercept customer payments,” say Sansec threat researchers. Searching for exposed backups The researchers have analyzed 2037 online stores of various sizes and running of various e-commerce platforms and found that 250 … More →
Flawed encryption logic used in Cl0p (Clop) ransomware’s Linux (ELF) variant has allowed SentinelOne researchers to create and release a free decryptor. “The [Cl0p] Windows variant encrypts the generated RC4 key responsible for the file encryption using the asymmetric algorithm RSA and a public key. In the Linux variant, the generated RC4 key is encrypted with a RC4 [hardcoded] ‘master-key’,” the researchers explained. The differences between Windows and Linux variants The Linux Cl0p variant is … More →
OPSWAT unveiled MetaDefender Kiosk K2100, a new, ultra-rugged mobile kiosk designed to keep critical networks secure in even the harshest conditions. “OPSWAT has a deep understanding of the challenges OT security teams face,” said Sid Snitkin, VP, Cybersecurity Services at ARC Advisory Group. “I am impressed with the comprehensive suite of security solutions and services the company offers to address those challenges, and I’m excited that our ARC Industry Leadership Forum attendees will get to … More →
Nozomi Networks and Industrial Defender have unveiled a strategic partnership to enhance the security of critical infrastructure and manufacturing facilities. The companies’ joint solution combines asset visibility and threat detection capabilities from Nozomi Networks with change and configuration monitoring from Industrial Defender to provide the most complete and detailed view of OT assets and behavior in the industry. “Collaborating with industry leaders is essential for effectively defending against the growing cyber threats against operational technology. … More →
Late last week, unknown attackers launched a widespread ransomware attack hitting VMware ESXi hypervisors via CVE-2021-21974, an easily exploitable vulnerability that allows them to run exploit code remotely, without prior authentication. Patches for CVE-2021-21974, a vulnerability in ESXi’s OpenSLP service, have been provided by VMware two years ago, and this attack has revealed just how many servers are out there are still unpatched, with the SLP service still running and the OpenSLP port (427) still … More →
Although ransomware campaigns declined quarter over quarter in 2022, primarily due to the collapse of more experienced cybercriminal groups, IT leaders still consider them to be the most worrying cyber threats. “Aside from ransomware and the hybrid work model, in 2022, we saw an evolving threat landscape, regulatory changes, and the potential for a recession by the end of 2023,” explains Ida Siahaan, research director, Info-Tech Research Group. “Furthermore, organizations are still facing the ongoing … More →
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Mounting cybersecurity pressure is creating headaches in railway boardrooms In this Help Net Security interview, Dimitri van Zantvliet is the Cybersecurity Director/CISO of Dutch Railways, and co-chair to the Dutch and European Rail ISAC, talks about cyber attacks on railway systems, build a practical cybersecurity approach, as well as cyber legislation. Critical OpenEMR vulnerabilities may allow attackers to access patients’ … More →
ExtraHop partners with Binary Defense to offer Reveal(x) 360, ExtraHop’s SaaS-based network detection and response (NDR) solution, as a managed service. As threats rapidly evolve, cybersecurity teams are finding themselves more strapped for resources than ever before, with shrinking budgets and widening talent gaps. Highlighting these concerns, ExtraHop’s 2022 Cyber Confidence Index cited training as a top challenge when it comes to defending against cyberattacks. To better address this vulnerability, ExtraHop and Binary Defense are … More →
Deepwatch and Trace3 announced Trace3 Managed Detection and Response (MDR) Services powered by Deepwatch. Together, Deepwatch and Trace3 will deliver end-to-end solutions that enable clients to keep pace with the dynamic cyber threat landscape and deliver exceptional service and security outcomes. In addition, Trace3 has selected Deepwatch as its MDR partner for protecting its internal environment. “We believe in Deepwatch’s capabilities and have chosen them as our MDR partner for protecting our own systems,” said … More →
