Search results for: vulnerability

Kali Linux

How Kali Linux creators plan to handle the future of penetration testing

Offensive Security might best known as the company behind Kali Linux, the popular (and free) open-source pen testing platform, but its contribution to the information security industry is definitely not limited to it. “Over 60% of Fortune 100 companies employ Offensive Security-trained professionals – that is definitely something for us to be proud of,” says its CEO, Ning Wang. The company’s main goal, according to her, is to train millions of professionals to embrace the … More

bomb

Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack

Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP (communications) stacks used in millions of connected devices worldwide. Collectively dubbed Amnesia:33 because they primarily cause memory corruption, these vulnerabilities may allow attackers to remotely compromise devices, execute malicious code, perform denial-of-service attacks, steal sensitive information or inject malicious DNS records to point a device to an attacker-controlled domain. About the vulnerable TCP/IP stacks The vulnerable open source TCP/IP stacks are PicoTCP, FNET, Nut/Net … More

Dragos raises $110M to support global customers across various industries

Dragos announced that it has secured $110 million in Series C funding from investors representing some of the world’s largest corporations. The round represents the most substantial investment-to-date for a company in the ICS/OT cybersecurity sector. The new funding will be used to support an expanding set of global customers across a diversity of industries – including electric, oil & gas, manufacturing, mining, chemicals, and transportation – and to accelerate the next stage of the … More

Red Balloon Security appoints David Doggett as Senior Strategist

Red Balloon Security announced the appointment of David Doggett as Senior Strategist for its growing industrial market. Doggett is the former Vice President Cybersecurity and Product Cybersecurity Officer at Schneider Electric, a $27 billion global vendor of electrical and industrial systems. He brings to the company over two decades of experience as a senior level manager and executive in cybersecurity development and innovation for the industrial automation, manufacturing, mining and power industries. “David’s senior role … More

patch

A light December 2020 Patch Tuesday for a no-stress end of the year

On this December 2020 Patch Tuesday: Microsoft has plugged 58 CVEs Adobe has delivered security updates for Lightroom, Experience Manager, and Prelude, and has announced that updates for Acrobat and Reader will be released sometimes this week SAP has released and updated 13 security notes Microsoft’s updates As expected, Microsoft fixed a smaller-than-usual number of CVEs on this December 2020 Patch Tuesday: 58 in total. Nine of these are “critical,” 46 “important,” and three are … More

D-Link DSR-1000AC router

D-Link routers vulnerable to remotely exploitable root command injection flaw

The Digital Defense Vulnerability Research Team uncovered a previously undisclosed vulnerability affecting D-Link VPN routers. D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers running firmware version 3.14 and 3.17 are vulnerable to a remotely exploitable root command injection flaw. These devices are commonly available on consumer websites/ecommerce sites such as Amazon, Best Buy, Office Depot and Walmart. Given the rise in work-from-home due to the pandemic, more employees may be connecting to corporate networks using … More

bank

Combating the virtual and physical threats banks face

The banking sector has always been at the center of criminal attention. Today, banks must contend with near-constant cyber attacks from organized criminal gangs, as well as highly skilled and well-resourced threat actors working on behalf of nation-states. In recent years we have seen multiple APT groups launching sophisticated attacks on financial institutions around the world. For example, there are the attacks on US and Saudi Arabian banks by APT33, believed to be funded by … More

5G

Most pros are concerned about cybersecurity risks related to 5G adoption

Most professionals say their organizations are concerned about cybersecurity risks related to 5G adoption (76.4% of professionals at organizations currently use 5G and 80.7% of professionals at organizations plan to adopt 5G in the year ahead), according to a Deloitte poll. “U.S. 5G bandwidth availability has expanded and accelerated considerably in recent months, offering competitive advantages technologically, financially and otherwise to early adopters,” said Wendy Frank, Deloitte Risk & Financial Advisory Cyber 5G leader and … More

MacBook Pro

How can companies secure a hybrid workforce in 2021?

This has been a uniquely transformative year. Prompted by a global pandemic, we’ve been forced to change many things about how we live, work, and relate. For most businesses, this means a rapid and comprehensive shift toward remote work. While more than half of all employees participated in a rapid transition to remote work, it’s clear that this is more than just a temporary change. According to a June survey by PwC, 83% of employees … More

USA

Techno-nationalism isn’t going to solve our cyber vulnerability problem

Against the backdrop of intensifying cyber conflicts and the rapidly evolving threat landscape, a new wave of techno-nationalism is being trumpeted from almost every corner of the world. The U.K. just announced it will ban the installation of Huawei 5G gear by the end of September 2021 and the FCC rejected a petition from ZTE asking for reconsideration of their finding that the Chinese company is a national security threat to communications networks. Meanwhile, ByteDance … More

Dell’s intrinsic security helps customers lower risk and become more cyber resilient

Dell Technologies brings intrinsic security to the forefront with new solutions and services that protect customers’ data. By building security into its supply chain, services, infrastructure and devices, Dell Technologies helps customers lower risk and become more cyber resilient. Organizations face increasing pressure to protect themselves and their customers as security risks intensify. The Dell Technologies 2020 Digital Transformation Index found that data privacy and cybersecurity concerns are the No. 1 barrier to digital transformation. … More

HackerOne making its debut in AWS Marketplace

HackerOne announced that it is making its debut in AWS Marketplace. Amazon Web Services (AWS) customers can now find and purchase services from HackerOne in AWS Marketplace, a curated digital catalog of software, data, and services that run on AWS. HackerOne is one of the first comprehensive security solutions providers to quote and contract services in AWS Marketplace. Cloud-native organizations and those migrating to the cloud need robust security solutions to ensure their cloud development … More