Search results for: software


10 data security enhancements to consider as your employees return to the office

77% of IT decision makers across the United States and Canada believe their companies are likely to face a data breach within the next three years, according to survey results released by Adastra. Survey respondents ranked data security as the biggest game changer in 2023 as companies continue to bolster their cybersecurity preparedness—68% of managers surveyed say their companies have a cybersecurity division and a further 18% report they are in the process of creating …


SpiderOak raises $16.4 million to protect space mission systems

SpiderOak has raised $16.4M in a Series C round led by Empyrean Technology Solutions, a space technology platform backed by funds affiliated with Madison Dearborn Partners. The Series C round included additional investment from Method Capital and OCA Ventures. The oversubscribed round further validates the immediate need for end-to-end cybersecurity solutions to protect space mission systems. “Today, space-based assets are mission essential in all civil and military operations and rapidly becoming mission critical for all national …


Vulnerabilities in cryptographic libraries found through modern fuzzing

Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations/libraries for embedded environments, have emphasized the great potential of using fuzzing to uncover security holes in implementations of cryptographic protocols. CVE-2022-43974 and CVE-2022-42905: CVE-2022-43974 is a buffer overflow vulnerability found in MatrixSSL versions 4.5.1-4.0.0 that could allow information disclosure and remote code execution. It was discovered and reported by Robert Hörr and Alissar Ibrahim, security evaluators with Deutsche Telekom’s IT Security Evaluation …


7 security predictions for 2023

What will the security landscape in 2023 look like? Here’s my take. 1. Attackers’ tactics will evolve, and defense strategies will evolve with them: With online platforms and social media fully integrated into our daily routine, phishing and social engineering will continue to be a common cause of data breaches. Attackers will take advantage of remote and hybrid workers knowing that traditional security measures might not all be in place, and they will target identity …


Maximizing data value while keeping it secure

How can organizations create an environment that allows the broadest access across distributed warehouses, databases, object stores and data exchanges, while at the same time maintaining consistent data oversight? There’s no single template for enacting robust and effective data controls. Still, it’s possible to build a unified data control framework that optimizes data sharing while elevating protection to a best practice level. Sharing the wealth: It’s impossible to construct such a best-practice data framework without …


70% of apps contain at least one security flaw after 5 years in production

Veracode revealed data that could save organizations time and money by helping developers minimize the introduction and accumulation of security flaws in their software. Their report found that flaw build-up over time is such that 32% of applications are found to have flaws at the first scan and by the time they have been in production for five years, 70% contain at least one security flaw. With the cost of a data breach averaging $4.35 …


Ordr partners with GE HealthCare to secure clinical assets

Ordr has formed a collaboration with GE HealthCare to offer customers a solution leveraging Ordr’s platform for health systems. The solution addresses critical patient care challenges across three key stakeholder groups: biomedical and healthcare technology management (HTM) teams, giving them the granular visibility as well as performance and utilization insights they need to improve medical device management; IT teams, helping them to monitor network connectivity and performance, while mapping device communications flows; and security teams, …


Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026)

Cisco has acknowledged one critical (CVE-2023-20025) and two medium-severity (CVE-2023-20026, CVE-2023-20045) vulnerabilities affecting some of its Small Business series of routers, but won’t be fixing them as the devices “have entered the end-of-life process.” Proof-of-concept exploit code for CVE-2023-20025 and CVE-2023-20026 is available online, but there is currently no indication of any of these flaws being exploited by attackers. About the vulnerabilities: CVE-2023-20025 is an authentication bypass vulnerability in the web-based management interface of Cisco …


ChatGPT: The infosec assistant that is jack of all trades, master of none

ChatGPT from OpenAI is a conversational chatbot that was recently released in preview mode for research purposes. It takes natural language as an input and aims to solve problems, provide follow-up questions or even challenge assertions depending on what you ask it. Surprisingly, as many security researchers have discovered, it makes a good infosec companion as it can do many tasks quite well, all while one is interacting with it naturally. Though there are …


Health3PT Council unites healthcare CISOs to solve third-party cyber risk

Amid heightened threats to the nation’s healthcare systems, more than 20 leading healthcare organizations have come together to identify effective, efficient, and new innovative approaches to reduce cyber risk across the healthcare industry’s third-party ecosystem. The Health 3rd Party Trust (Health3PT) Initiative and Council is committed to bringing standards, credible assurance models, and automated workflows to solve the third-party risk management problem and advance the mission to safeguard sensitive information. Healthcare is one of the …


4 key shifts in the breach and attack simulation (BAS) market

The increase in the number of attack surfaces along with the rise in cybercriminal sophistication is generating technical debt for security operations centers (SOCs), many of which are understaffed and unable to dedicate time to effectively manage the growing number of security tools in their environment. Yet, regardless of these challenges, SOC teams are tasked to continuously evolve and adapt to defend against emerging, sophisticated threats. There are several major players in the BAS market …