Search results for: vulnerability

lock

How to improve public sector’s security strategy?

With international tensions heightened as we enter month eight of the war between Russia and Ukraine, it’s clear that a new era of intensifying state-sponsored attacks is upon us, especially those targeting public sector agencies and services. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a rare “Sheilds Up” warning earlier this year, highlighting the need for U.S. organizations to remain vigilant and safeguard their most important and sensitive assets. Later, CISA has also … More

lock

Q-Day doesn’t equal doomsday: Enacting an enterprise quantum security strategy

While Quantum Day, or “Q-Day,” may be five to ten years away, it is arriving faster than we would like. Q-Day represents the day that quantum computers will reliably use the superpositioning power of multi-state qubits to break encryption algorithms that are widely used around the world to enable e-commerce, data security and secure communications. Adversaries are already preparing for Q-Day by employing “collect now, decrypt later” strategies. With such threats on the horizon, many … More

100 dollars

SMBs are hardest-hit by ransomware

Coalition announced the mid-year update to its 2022 Cyber Claims Report detailing the evolution of cyber trends, revealinig that small businesses have become bigger targets, overall incidents are down, and ransomware attacks are declining as demands go unpaid. During the first half of 2022, the average cost of a claim for a small business owner increased to $139,000, which is 58% higher than levels during the first half of 2021. “Across industries, we continue to … More

Hand

Backlogs larger than 100K+ vulnerabilities but too time-consuming to address

Rezilion and Ponemon Institute announced the release of “The State of Vulnerability Management in DevSecOps,” which reveals that organizations are losing thousands of hours in time and productivity dealing with a massive backlog of vulnerabilities that they have neither the time or resources to tackle effectively. The finds 47% of security leaders report that they have a backlog of applications that have been identified as vulnerable. 66% say their backlog consists of more than 100,000 … More

Software

Rocket Support for Zowe enables developers to modernize and accelerate mainframe app development

Rocket Software has launched Rocket Support for Zowe, a supporting offering for the Open Mainframe Project’s Zowe open-source framework for z/OS and its multiple modern interfaces. Rocket Support for Zowe provides customers with 24/7 support for Zowe core components, improved security and desktop applications. Open-source software accelerates IBM Z application development and delivery through modern tools that drive automation and integration to and from the mainframe. However, without development support, it can create security and … More

Handshake

Adaptive Shield and Tenable joint solution helps organizations protect their SaaS stack

Adaptive Shield has joined forces with Tenable, to provide a consolidated posture management solution that correlates the risk of SaaS users and their endpoints. While SaaS providers build in security features, it is the company’s responsibility to cover all attack surfaces: from misconfigurations to identifying SaaS apps connected to the core SaaS app, while also detecting and remediating SaaS threats stemming from user devices with poor hygiene. By correlating Tenable’s vulnerability insights within Adaptive Shield’s … More

Handshake

Forescout and First Health Advisory partner to help organizations mitigate IT, IoT, OT, and IoMT risks

Forescout Technologies and First Health Advisory partnership creates an approach to connected asset risk management by automating the technical data collection, mitigation and risk reduction measures for a healthcare organization’s entire network that encompasses IT, IoT, OT, and IoMT assets. Healthcare organizations’ networks are under constant attack and often do not have the necessary human capital to oversee the work necessary to thwart a potential threat or attack through quick response. This challenge places added … More

Handshake

Westcon-Comstor signs EMEA distribution agreement with Proofpoint

Westcon-Comstor has signed a new distribution agreement with Proofpoint to extend the reach of Proofpoint’s cybersecurity and compliance solutions in the EMEA market. The initial focus will concentrate on certain high-growth countries and is set to expand, with a phased approach, to additional regions that would benefit from Westcon’s cybersecurity capabilities. Long-term hybrid work coupled with continuous employee turnover is creating risks for business leaders. In turn, managing and protecting data is a growing challenge … More

Patch Tuesday

Microsoft fixes exploited zero-day in the Windows CLFS Driver (CVE-2022-37969)

September 2022 Patch Tuesday is here, with fixes for 64 CVE-numbered vulnerabilities in various Microsoft products, including one zero-day (CVE-2022-37969) exploited by attackers. About CVE-2022-37969 CVE-2022-37969 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver, and an attacker must already have access and the ability to run code on the target system (e.g., by exploiting another vulnerability or through social engineering) before trying to trigger it. “Post-exploitation flaws such … More

Apple macOS iOS

Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917)

Apple has fixed a slew of vulnerabilities in macOS, iOS, and iPadOS, including a zero-day kernel vulnerability (CVE-2022-32917) exploited by attackers in the wild. About CVE-2022-32917 CVE-2022-32917, reported by an anonymous researcher, may allow a malicious application to execute arbitrary code with kernel privileges. “Apple is aware of a report that this issue may have been actively exploited,” the company said, and noted that the vulnerability has been remediated with improved bounds checks. The vulnerability … More

Kali Linux books

5 Kali Linux books you should read this year

Kali Linux is a Linux distribution designed for digital forensics, penetration testing, security research, and reverse engineering. Here is a selection of books for different experience levels, you can either start from scratch or get advanced tips – there’s something for everyone. Advanced Security Testing with Kali Linux Independently published / Author: Daniel Dieterle This book covers the more intermediate and advanced uses of the Kali Linux pentesting distribution. You will learn topics like: The … More

World

Organizations should fear misconfigurations more than vulnerabilities

Censys launched its State of the Internet Report, a holistic view into internet risks and organizations’ exposure to them. Through careful examination of which ports, services, and software are most prevalent on the internet and the systems and regions where they run, the research team discovered that misconfigurations and exposures represent 88% of the risks and vulnerabilities across the internet. “Assessing the state of the internet is crucial in understanding an organization’s own risks and … More