Search results for: vulnerability

virtual reality

How can SMBs extend their SecOps capabilities without adding headcount?

Which is more important for achieving organizational cybersecurity: security products or security people? The right answer to this (trick) question is that both are equally important. But while cybersecurity budgets are rising, most small and some midsize organizations looking to employ skilled cybersecurity professionals are often unable to match salaries offered by big enterprises in a job market where demand outstrips supply. Outsourcing security: What’s on offer? Fortunately, there is an alternative way for procuring … More

security platform

Finite State’s binary analysis enhances automated zero-day vulnerability detection

Vulnerabilities in the software supply chain are costing device manufacturers business. Threats like Treck TCP/IP and ThroughTek Kalay P2P SDK continue to emerge, and according to a recent Ponemon Institute report, nearly 60% of organizations have lost revenue due to product security concerns. Finite State has unveiled a way to reduce the business risk of those vulnerabilities through advanced binary analysis. Device manufacturers use board support packages (BSPs) and software development kits (SDKs) from third-party … More

Appointments

Onapsis appoints Sadik Al-Abdulla as CPO

Onapsis announced the appointment of Sadik Al-Abdulla as Chief Product Officer. In his role, Al-Abdulla will focus on the company’s platform vision, strategy, and execution, ensuring Onapsis continues to meet the growing demand for securing cloud, hybrid, and on-premises business-critical applications. As an executive leader of enterprise security businesses with more than 20 years of experience, Al-Abdulla brings the insight and expertise to help clients solve today’s most sophisticated security challenges. Prior to joining Onapsis, … More

Laura Hoffner

Insider threat does not have to be malicious, so how do you protect your organization?

In this interview with Help Net Security, Laura Hoffner, Chief of Staff at Concentric, talks about the causes of insider threat attacks and what companies can do to mitigate or even avoid them. In these particularly tumultuous times, when organizations are not really sure what the working arrangements will be, insider threats have become the issue to look out for. What is making businesses increasingly vulnerable to them? First, “insider threat” doesn’t necessarily mean that … More

Infosec products of the month: December 2021

Here’s a look at the most interesting products from the past month, featuring releases from Action1, AwareGO, BlackBerry, Box, Castellan Solutions, Cloudflare, Code42, Cossack Labs, F5 Networks, Immuta, IriusRisk, MetricStream, MobileSphere, Nerdio, NetQuest, Oxeye, Ping Identity, Pondurance, SentinelOne, Syxsense, Tenable, ThreatConnect, Tufin, Veriff, Verimatrix, and Zerto. Open source cloud native security analyzer Terrascan embeds security into native DevOps tooling Tenable enhanced Terrascan, an open source cloud native security analyzer that helps developers secure Infrastructure as … More

bomb

Ransomware and terrorism: For security pros the threat is equal

Venafi announced the findings of a global survey of more than 1,500 IT security decision makers that reveals that 60% of security professionals believe ransomware threats should be prioritized at the same level as terrorism. These opinions echo the U.S. Department of Justice, which raised the threat level of ransomware following the Colonial Pipeline attack earlier this year. The study also found that less than one-third of respondents have implemented basic security controls that break … More

Log4j

4 practical strategies for Log4j discovery

For security teams scrambling to secure their organizations against Log4j exploitation, one of the first and most challenging tasks is understanding where Log4j exists within their environment. Without this understanding, any remediation efforts will be hamstrung from the get-go. Of course, this type of asset management can prove exceedingly difficult as Log4j is represented across thousands of products. Still, even missing one vulnerable instance of Log4j can leave an organization at risk, which is why … More

week in review

Week in review: Log4j new vulnerabilities, Microsoft patch bypass, 2022 e-commerce threat trends

Here’s an overview of some of last week’s most interesting news, articles and interviews: The Log4j saga: New vulnerabilities and attack vectors discovered The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell (CVE-2021-44228) was fixed by releasing Log4j v2.15.0. Log4Shell is a dumpster fire that should have been avoided If basic IT hygiene guidance had been followed, Log4j would have easily been immune to this type … More

finance

Security and vulnerability management market size to reach $20.1 billion by 2027

The global security and vulnerability management market size is expected to reach $20.1 billion by 2027, rising at a market growth of 7.1% CAGR during the forecast period, according to ResearchAndMarkets. Security and vulnerability management refers to the process of identifying, analyzing, and eliminating vulnerabilities in networking hardware or software. In the past few years, this system has emerged as a crucial component for security in companies. Vulnerability management system takes help of test systems … More

Log4j

Log4Shell is a dumpster fire that should have been avoided

On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. Then again, so was every cybersecurity professional in the world. That all changed when the Apache Log4j project announced CVE-2021-44228 (aka Log4Shell) – a zero-day vulnerability in Log4j’s standardized method of handling log files used by apps all over the world, from Microsoft’s Minecraft to Twitter to Tesla to Apple’s iCloud. This led to … More

security platform

Securonix Autonomous Threat Sweeper automates search for Log4j related activity

Securonix launched Securonix Autonomous Threat Sweeper (ATS) to all customers to help enterprises and managed service providers identify Log4j related activity. Due to the far-reaching impact of the Log4j/Log4Shell vulnerability, Securonix is making its automated and continuous scans for Log4j related indicators of compromise (IOC) and tactics, techniques, and procedures (TTP) available to customers free of charge for a limited time. “The Log4j vulnerability has put incredible stress on security teams as organizations are struggling … More

security platform

Lacework Cloud Care helps security teams uncover Log4j vulnerability

Lacework announced Lacework Cloud Care, a new, free rescue program for Security and DevOps professionals working to combat the Log4j exploit whether or not they are a Lacework customer. Lacework Cloud Care includes three complimentary program elements for organizations struggling to understand if their cloud environment is being exploited by the Log4j vulnerability: a Threat Hunter Assessment, a Coverage Booster for Lacework Customers and a support hotline. With any zero day vulnerability, it’s critical to … More