Search results for: vulnerability

open source security

How businesses can bolster their cybersecurity defenses with open source

Open-source software enables better security for both large and small organizations. It is the foundation of today’s society and is found throughout a modern application stack, from the operating system to networking functions. It’s estimated that around 90% of organizations use open source in some way, according to GitHub’s 2022 Octoverse report. Open-source software can be examined by everyone, both attackers and defenders. But this does not necessarily give attackers the upper hand. Rather, it …

Daniel Spicer

ChatGPT is a bigger threat to cybersecurity than most realize

A language-generating AI model called ChatGPT, available for free, has taken the internet by storm. While AI has the potential to help IT and security teams become more efficient, it also enables threat actors to develop malware. In this interview with Help Net Security, Daniel Spicer, Chief Security Officer for Ivanti, talks about what this technology means for cybersecurity. What are some reasons for concern regarding the application of AI to cybersecurity? The tech industry …

security platform

Halo Security unveils KEV feature to improve attack surface visibility

Halo Security recently implemented a new feature to reduce the noise and improve attack surface visibility, helping customers identify active threats in the wild — known exploited vulnerabilities (KEVs) from the Cybersecurity and Infrastructure Security Agency (CISA) catalog — and giving them better insight into their own risk. The number of common vulnerabilities and exposures (CVEs) has grown each year since 2016, leaving security teams exceedingly burdened and constantly chasing vulnerabilities that may be considered …

security platform

ThreatConnect Platform 7.0 enables organizations to modernize security operations

ThreatConnect released ThreatConnect Platform 7.0 designed specifically for TI Ops. The new release increases the effectiveness of threat intelligence analysts and security operations teams by bringing together the power of human analysis, ML-powered analytics and intelligence, and automation. “Legacy approaches to threat intelligence are no longer sufficient to protect the enterprise in a world of an expanding attack surface and increasing velocity and sophistication of threats,” said Andrew Pendergast, EVP of Product at ThreatConnect. “Security …

vmware

Critical VMware vRealize Log Insight flaws patched (CVE-2022-31706, CVE-2022-31704)

VMware has fixed two critical (CVE-2022-31706, CVE-2022-31704) and two important (CVE-2022-31710, CVE-2022-31711) security vulnerabilities in VMware vRealize Log Insight, its multi-cloud solution for centralized log management, operational visibility and intelligent analytics. Reported by Trend Micro’s Zero Day Initiative, none of the flaws are currently exploited by attackers in the wild, but given threat actors’ predilection for targeting widely used VMware solutions, fixing these sooner rather than later is a good idea. About the vulnerabilities CVE-2022-31706 …

Dritan Saliovski

How to tackle the cybersecurity skills shortage in the EU

The cybersecurity skills shortage is a global problem, but each region – including Europe or, more specifically, the EU – has distinct problems it has to tackle to solve it. In this Help Net Security Dritan Saliovski, Director – Nordic Head of Cyber M&A, Transaction Advisory Services at Aon, offers some pointers, as well as advice to organizations on how to attract and retain the best cybersecurity talent. The cybersecurity skills shortage is still a …

Apple

Apple delivers belated zero-day patch for iOS v12 (CVE-2022-42856)

Apple has released security updates for macOS, iOS, iPadOS and watchOS, patching – among other things – a type confusion flaw in the WebKit component (CVE-2022-42856) that could be exploited for remote code execution on older iPhones and iPads running iOS v12. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1,” the company said. CVE-2022-42856 was a zero-day vulnerability flagged by Clément …

red

Understanding your attack surface makes it easier to prioritize technologies and systems

It has been observed that attackers will attempt to start exploiting vulnerabilities within the first fifteen minutes of their disclosure. As the time to patch gets shorter, organizations need to be more pragmatic when it comes to remediating vulnerabilities, particularly when it comes to prioritization. Organizations need to strike the balance of carrying out enough due diligence before patching, and then patching as quickly as possible to defend themselves against emerging threats. A few things …

CVE

Extent of reported CVEs overwhelms critical infrastructure asset owners

The sheer volume of reported ICS vulnerabilities and CVEs may cause critical infrastructure asset owners to feel overwhelmed, or need help knowing where to begin, according to SynSaber. The report analyzes the 920+ CVEs released by CISA in the second half of 2022 to determine the following: Who is reporting the vulnerabilities? What remediations (if any) are available? What are the severity levels and potential impacts? How does the data compare to the CVEs reported …

code

Trained developers get rid of more vulnerabilities than code scanning tools

An EMA survey of 129 software development professionals uncovered that for those using code scanning tools, only 10% of organizations prevented a higher percentage of vulnerabilities than organizations not using code scanning tools, while continuous training greatly improved code security for over 60% of organizations that adopted it. Researchers also found that as many as 70% of organizations are missing critical security steps in their software development lifecycle (SDLC), highlighting a struggle with a ‘shift-left’ …

cyber insurance

Cyber insurance can offset the risks of potential breaches

SMBs are aware of increasing cyber threats and allocating resources and investing in areas such as network and cloud security, according to Datto. Key takeaways from this survey include: About a fifth of IT budget is dedicated to security and many are seeing increases in budgets. 47% of SMBs plan to invest in network security in the next year. Over 50% of SMBs have implemented AV and email/spam protection, with network and cloud security as …

Europe

EU cyber resilience regulation could translate into millions in fines

The EU Commission’s Cyber Resilience Act (CRA) is intended to close the digital fragmentation problem surrounding devices and systems with network connections – from printers and routers to smart household appliances and industrial control systems. Industrial networks and critical infrastructures require special protection. According to the European Union, there is currently a ransomware attack every eleven seconds. In the last few weeks alone, among others, a leading German children’s food manufacturer and a global Tier1 …