Search results for: vulnerability

Apple macOS iOS

Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917)

Apple has fixed a slew of vulnerabilities in macOS, iOS, and iPadOS, including a zero-day kernel vulnerability (CVE-2022-32917) exploited by attackers in the wild. About CVE-2022-32917 CVE-2022-32917, reported by an anonymous researcher, may allow a malicious application to execute arbitrary code with kernel privileges. “Apple is aware of a report that this issue may have been actively exploited,” the company said, and noted that the vulnerability has been remediated with improved bounds checks. The vulnerability … More

Kali Linux books

5 Kali Linux books you should read this year

Kali Linux is a Linux distribution designed for digital forensics, penetration testing, security research, and reverse engineering. Here is a selection of books for different experience levels, you can either start from scratch or get advanced tips – there’s something for everyone. Advanced Security Testing with Kali Linux Independently published / Author: Daniel Dieterle This book covers the more intermediate and advanced uses of the Kali Linux pentesting distribution. You will learn topics like: The … More

World

Organizations should fear misconfigurations more than vulnerabilities

Censys launched its State of the Internet Report, a holistic view into internet risks and organizations’ exposure to them. Through careful examination of which ports, services, and software are most prevalent on the internet and the systems and regions where they run, the research team discovered that misconfigurations and exposures represent 88% of the risks and vulnerabilities across the internet. “Assessing the state of the internet is crucial in understanding an organization’s own risks and … More

Handshake

NTT DATA and SecurityScorecard partner to provide cyber risk monitoring across the UK&I

NTT DATA UK&I and SecurityScorecard have partnered to accelerate the transformation of continuous cyber risk monitoring across industries across the UK and Ireland (UK&I). As part of the partnership, NTT DATA will deliver a posture evaluation report offering for clients, based on the SecurityScorecard platform. The report will combine NTT DATA’s consulting expertise with SecurityScorecard’s ratings and assessment capabilities to instantly rate, analyse and continuously monitor security risk for clients, as well as harden their … More

Qnap

Thousands of QNAP NAS devices hit by DeadBolt ransomware (CVE-2022-27593)

QNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage (NAS) devices and the vulnerability the attackers are exploiting (CVE-2022-27593). About CVE-2022-27593 CVE-2022-27593 exists because of an externally controlled reference that resolves to a resource that is outside of the intended control sphere, and affects the widely used Photo Station application. The vulnerability allows attackers to modify system files and, ultimately, install and deploy ransomware. According to … More

week in review

Week in review: Free online cybersec courses, Signal post-quantum upgrade, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: September 2022 Patch Tuesday forecast: No sign of cooling off September is here, and for most of us in the northern hemisphere, cooler temperatures are on the way. Unfortunately, the need to maintain and update our computer systems remains hot. DeadBolt is hitting QNAP NAS devices via zero-day bug, what to do? A few days ago – and smack in … More

ConnectWise Automate

High-risk ConnectWise Automate vulnerability fixed, admins urged to patch ASAP

ConnectWise has fixed a vulnerability in ConnectWise Automate, a popular remote monitoring and management tool, which could allow attackers to compromise confidential data or other processing resources. The severity of the vulnerability is merely “important”, as its exploitation requires additional access and/or privilege, but ConnectWise recommends administrators of on-premise instances to patch as soon as possible. The company did not actually say that the vulnerability is being exploited in the wild, but categorizes the priority … More

patch

September 2022 Patch Tuesday forecast: No sign of cooling off

September is here, and for most of us in the northern hemisphere, cooler temperatures are on the way. Unfortunately, the need to maintain and update our computer systems remains hot. August 2022 Patch Tuesday provided critical updates for all Microsoft operating systems as well as an unexpected update for Internet Explorer 11. These critical updates were driven by another zero-day vulnerability – CVE-2022-34713, found in the Microsoft Windows Support Diagnostic Tool (MSDT). There were also … More

security platform

N-able Private Portal adds an extra layer of security for sensitive and business-critical emails

N-able has introduced Private Portal, an extra layer of email security to help protect critical business data, to N-able Mail Assure. Private Portal, included with Mail Assure free of charge, sends a notification to recipients when they receive an email with business-critical information based on policies configured by the user or company. By clicking the link provided within the notification, recipients can view and reply to the sensitive emails within the Private Portal. End users, … More

security platform

Onapsis launches Threat Intel Center to simplify threat intelligence for security teams

Onapsis has launched the Onapsis Research Labs (ORL) Threat Intel Center. This solution connects the Onapsis Threat Intelligence Cloud, a global network of sensors and applications instrumented to capture the activity of attackers exploiting mission-critical applications, and deep research conducted by the ORL into a unified, detailed threat intelligence repository. While cybercrime is escalating and threatening business continuity, the cybersecurity skills shortage is only getting larger, with 62% of organizations reporting that their security teams … More

shield

With cyber insurance costs increasing, can smaller firms avoid getting priced out?

Cyber insurance is quickly becoming an unavoidable part of doing business as more organizations accept the inevitability of cyber risk. There is a growing awareness of the need to be prepared for the impact of devastating security incidents such as those caused by ransomware, just as a firm invests in coverage for potential physical threats such as fire or criminal damage. But while other potential disruptions benefit from stable insurance providers with decades or even … More

video call

Nation-state attacks are a growing threat to video conferencing

Zerify announced the findings of a survey that indicate that IT professionals are becoming increasingly concerned about the growing number of cyber threats and foreign attacks capable of impacting video conferencing. The survey, executed by Propeller Insights in July of 2022, involved 1,000 IT professionals – most of whom are at the director or C-Level (83.8%). With the White House’s executive order on improving the nation’s cybersecurity, video conferencing still has not been given the … More