Search results for: vulnerability

week in review

Week in review: Most effective security practices, worst password offenders, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, reviews, articles and podcasts. Open source vulnerabilities go undetected for over four years: for its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and developers’ practices regarding vulnerability reporting, alerting and remediation. How to reduce the risk of third-party SaaS apps: third-party SaaS apps (and extensions) can significantly extend the …

patch

December 2020 Patch Tuesday forecast: Always consider the risk

The final Patch Tuesday of the year is upon us, and what a year it has been. Forcing many changes this year, the pandemic has impacted the way we conduct both security and IT operations. But even with the need to support remote operations and new applications that enable coordinated communication, one important aspect has not changed: the need to focus on security risk. It’s easy to get consumed with troubleshooting performance issues, updating …

StoneOS 5.5R8: Helping enterprises defend all their network entry points

Hillstone Networks announces a major upgrade to its flagship operating system, StoneOS 5.5R8, which features over one hundred critical updates for the most comprehensive, intelligent, reliable and easy-to-use security solution available for enterprises looking to defend all their network entry points today. “Today’s security landscape is more vulnerable than it has ever been, and businesses are scrambling to ensure that their workforce and critical assets are secure, regardless of access points,” says Timothy Liu, CTO …

open source

Open source vulnerabilities go undetected for over four years

For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and developers’ practices regarding vulnerability reporting, alerting and remediation. The Microsoft subsidiary found that security vulnerabilities often go undetected for more than four years before being disclosed. Additional findings: security vulnerabilities can impact software directly or through its dependencies. After examining a year’s worth of data collected through its dependency graph, the …

risk

The three stages of security risk reprioritization

What began as a two-week remote working environment due to COVID-19 has now stretched past the nine-month mark for many. The impact of telework on organizations can be felt across departments, including IT and security, which drove the almost overnight digital transformation that swept across the globe. While organizations across various sectors were faced with the challenge of maximizing their telework posture, those in government services had the extra burden of supporting employees who needed …

cloud

Cloud native security: A maturing and expanding arena

At the recent KubeCon + CloudNativeCon North America 2020, I had the opportunity to take part in a keynote panel with a number of other cloud native security practitioners. We got questions on a wide range of cloud native security topics, and through those and other talks at the conference, I’ve been able to identify some key concerns around container security and the wider cloud native ecosystem. It’s not just Kubernetes: the Kubernetes project understandably …

data

Consumers vastly misjudge the vulnerability of their home networks

Internet users in the United States vastly underestimate how often their home networks are targeted by cyber threats. That’s one of the key findings of a new Comcast report. Cyber threats growing numerous and complex: since January, nearly six billion cybersecurity threats have been blocked, representing an average of about 104 cybersecurity threats per home per month. “The cyber threats facing even the most lightly connected homes have grown so numerous and so complex, …

SingleStore gives Nucleus Security needed scale and speed

SingleStore announced that it is supporting the Nucleus Security vulnerability assessment software-as-a-service offering for vulnerability management. “Enterprises often overlook threats due to the speed, size and complexity of data,” said Nucleus Security CEO Steve Carter. “But SingleStore delivers the speed and scale required to respond to vulnerabilities and threats as they occur. In addition to meeting our performance requirements on this front, SingleStore was painless for our developers, who were already familiar with SQL …

How do I select a pentesting solution for my business?

Given the number of vulnerabilities that have gone global in the past few years, enterprises can’t afford to keep relying on reactive security. Just hoping that an alert doesn’t go off isn’t a strategy. Instead, groups should embrace penetration testing. For those unfamiliar with the concept, a typical pentest project consists of a pentester putting on their “evil person” hat and attacking a target, looking to infiltrate the organization in the way that a malicious …

week in review

Week in review: Drupal-based sites open to attack, cPanel 2FA bypass vulnerability

Here’s an overview of some of last week’s most interesting news and articles. Challenges organizations face in combating third-party cyber risk: a CyberGRX report reveals trends and challenges organizations of all sizes face in combating third-party cyber risk today. Each insight was gleaned from proprietary assessment data gathered from a sample of 4,000 third parties. cPanel 2FA bypass vulnerability can be exploited through brute force: a two-factor authentication (2FA) bypass vulnerability affecting the popular cPanel …

Drupal

Out-of-band Drupal security updates fix bugs with known exploits

Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits for one of core’s dependencies and some configurations of Drupal are vulnerable.” The vulnerabilities: CVE-2020-28948 and CVE-2020-28949 are arbitrary PHP code execution vulnerabilities found in the open source PEAR Archive_Tar library, which Drupal uses to handle TAR files in PHP. “(The) vulnerabilities are possible if Drupal is configured to allow …

money

Cyber insurance claims on the rise

External attacks on companies result in the most expensive cyber insurance losses, but it is employee mistakes and technical problems that are the most frequent generators of claims by number, according to a report from Allianz Global Corporate & Specialty (AGCS). The study analyzes 1,736 cyber-related insurance claims worth EUR 660mn (US$ 770mn) involving AGCS and other insurers from 2015 to 2020. “Losses from incidents such as distributed denial of service (DDoS) attacks or phishing …