Search results for: vulnerability

New infosec products of the week: December 17, 2021

Here’s a look at the most interesting products from the past week, featuring releases from AwareGO, MetricStream, MobileSphere, Nerdio, Ping Identity, Pondurance, Syxsense, and Tufin. AwareGO Human Risk Assessment for Enterprise measures employees’ cybersecurity behavior Based on human-behavioral science, the cloud-based solution allows companies to measure employees’ knowledge and behavior across several recognized threat vectors, such as phishing, remote work, passwords, and more, ultimately quantifying the company’s cyber resilience. Nerdio adds backup and disaster recovery … More

security platform

Finite State’s enhanced search capability enables users to gain full visibility into their IoT devices

Finite State has released a search function for its platform that allows users to gain full visibility into their embedded devices and identify whether a known vulnerability is present. Internet of Things (IoT) devices have been black boxes whose security is notoriously difficult to verify. Traditionally, large companies would need more than 30 days for various business units and product teams to confirm a vulnerability in one of those devices. As we’ve seen demonstrated recently … More

Log4j

The impact of the Log4j vulnerability on OT networks

Operational Technology (OT) networks are at risk from the recently-announced Apache Log4j (CVE-2021-44228) vulnerability. On the surface, it is not clear why this should be. The vulnerability affects millions of web servers, allowing remote attackers to inject any code they wish into vulnerable Java applications on the Internet. The defect is being widely exploited in the wild, which is why security teams all over the world are scrambling to identify which of their web applications … More

security platform

Stratodesk NoTouch LTS helps IT teams ensure their VDI/DaaS deployment

Stratodesk released Stratodesk NoTouch Long Term Support (LTS), delivering security and Day One updates including the features enterprises need within their secure digital perimeter to ensure ongoing productivity without the need for full production approval testing. “Stratodesk NoTouch LTS allows for much quicker reaction to security threats and delivers unbridled flexibility to enterprise IT deployments,” says Stratodesk Founder and CEO Emanuel Pirker. “With rising security threats, such as the current Log4Shell issue, distributed teams, remote … More

security platform

Syxsense Secure protects businesses against the Log4j vulnerability

Syxsense announced the ability to scan for Log4j using Syxsense Secure, identifying endpoints that are exposed to this new vulnerability. “Although a number of popular IT management and security tools are vulnerable, Syxsense is pleased to confirm that it does NOT use Log4j,” commented Ashley Leonard, CEO of Syxsense. “It imperative that IT departments respond quickly to this new threat by scanning their environment and identifying exposed endpoints.” A vulnerability in Log4j which is a … More

Software

Checkmarx KICS integrates into GitLab 14.5 to manage IaC vulnerabilities

Checkmarx announced that its open source KICS (Keeping Infrastructure as Code Secure) solution has been integrated into version 14.5 of the GitLab DevOps Platform as an infrastructure-as-code scanning tool. Developed by Checkmarx and the open source community, KICS automatically parses infrastructure-as-code files of any type to detect insecure configurations that could expose applications, data and services to attack. The KICS integration built and maintained by GitLab offers all GitLab customers support for IaC scanning with … More

Handshake

NetWitness partners with Datashield to protect customers from Log4j Java security vulnerability

NetWitness announced that it is collaborating with Datashield to help customers identify the critical, zero-day security vulnerability in the Apache Log4j Java library and to take action to mitigate the impact of this vulnerability. NetWitness Network Detection and Response (NDR) technology provides Datashield with the visibility of where Log4j vulnerabilities exist, insight through a customized Packet Parser to identify if this vulnerability is being exploited within their monitored environment, and the ability to take prompt … More

Log4j

Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations

Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished. As Dr. Johannes Ullrich, Dean of Research at the SANS Technology Institute, recently noted, “Log4Shell will continue to haunt us for years to come.” His advice? “Dealing with Log4Shell will be a marathon. Treat it as such.” So let’s see what’s the latest news that can impact your mitigation and remediation efforts. … More

Crystal Eye XDR

Product showcase: Is Crystal Eye XDR the most comprehensive security platform on the market?

In this product showcase, we look at Red Piranha’s Crystal Eye XDR platform. Red Piranha pioneered the integrated security service model back in 2015 with out of the box MDR and Incident Response capability, now known as XDR. Since then, the Crystal Eye XDR platform has expanded its feature set to cover Integrated Risk Management (IRM), as well as Endpoint Protection with its Crystal Eye Attack Surface Reduction (CEASR) App and an extended range of … More

Patch Tuesday

Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)

It’s the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability (CVE-2021-43890) actively exploited to deliver Emotet/Trickbot/Bazaloader malware family. Vulnerabilities of note in this patch batch Of the 67 CVE-numbered flaws, CVE-2021-43890 – a Windows AppX Installer spoofing vulnerability – will, understandably, be a patching priority. “CVE-2021-43890 allows an attacker to create a malicious package file and then modify it to look like a legitimate application, and … More

UKG

Ransomware hits HR solutions provider Kronos, locking customers out of vital services

The end of the year chaos caused by the revelation of the Log4Shell vulnerability has, for some organizations, been augmented by a ransomware attack on Ultimate Kronos Group (UKG), one of the biggest HR and workforce management solutions providers in the US. Many organizations use Kronos for organizing workers’ schedules, tracking vacations, processing payroll and bonuses, etc. What happened? “As we previously communicated, late on Saturday, December 11, 2021, we became aware of unusual activity impacting … More

Laura Hoffner

Modern cars: A growing bundle of security vulnerabilities

In this interview with Help Net Security, Laura Hoffner, Chief of Staff at Concentric, talks about modern car vulnerabilities, the techniques hackers are using to compromise connected vehicles and how to protect users. Cars are becoming increasingly smart and an extension to our mobile phones. How is this impacting users’ security and privacy? With the expansion of our technology in use, our vulnerability surface increases dramatically. Ultimately, this is yet another vulnerability to keep in … More