Search results for: vulnerability
Ivanti announced three new integrated solutions: Ivanti Neurons Patch for MEM (Microsoft Endpoint Manager), Ivanti Neurons for Risk-Based Vulnerability Management, and the Digital Experience Score capability within Ivanti Neurons Workspace. With these releases, Ivanti continues to deliver on its mission of enabling and securing the Everywhere Workplace by helping customers to further manage, automate, and prioritize cybersecurity and deliver secure, contextualized, and productive employee experiences. Ivanti designed the Ivanti Neurons platform to help organizations address … More →
Zerto announced the findings of a ransomware study, revealing that gaps in readiness are seriously impacting the ability of many organizations to manage and recover from attacks. The research also underlines the increased risk to mitigation strategies presented by widespread skills shortages and over-reliance on internal resources. This indicates that, while organizations recognize that one of the best protections against a ransomware attack is the ability to recover from it, many are still struggling to … More →
Hillstone Networks released Hillstone CloudArmour, a comprehensive cloud workload protection platform (CWPP). CloudArmour brings Hillstone’s enterprise-grade security to cloud workloads with features that include firewall micro-segmentation to halt lateral attacks, machine learning-enhanced runtime behavior modeling, and smart policy operations. Working across all cloud-based environments, CloudArmour helps organizations meet the security demands of both the evolution of DevOps and the new cloud infrastructure architecture. “As cloud operations are being adopted at a rapid rate, it is … More →
Finite State is launching Finite State for Asset Owners. The purpose-built solution automates and solves the complex challenges asset owners face in maintaining device software supply chain visibility, including collecting and managing large repositories of Software Bills of Materials (SBOMs). According to The Wall Street Journal and Akamai Technologies, the Log4j vulnerability affected hundreds of millions of U.S. devices and saw an exploit attempt rate of 10 million devices an hour. Log4j remains a stark, … More →
Stellar Cyber announced a partnership under which CYRISMA now is fully integrated into the Stellar Cyber Open XDR platform. The CYRISMA integration brings a rich suite of asset management capabilities to the Stellar Cyber Open XDR platform, including vulnerability management, data classification tags by asset, asset secure configurations, and additional risk data points through CYRISMA’s grading system. “We at CYRISMA are very excited about our technology integration and go-to-market partnership with Stellar Cyber and its Open … More →
The war in Ukraine is in the second month of bloodshed and the broader impact of the conflict is being felt across the globe, as markets react to increased fuel prices and the consequences of Russia’s growing political and economic isolation. Thus far, the anticipated reaction of Russia to Western sanctions and material support for the Ukrainian military within the cyber domain seems to have been muted. However, on March 21, 2022, President Biden issued … More →
The European Union Agency for Cybersecurity (ENISA) publishes a map of national coordinated vulnerability disclosure (CVD) policies in the EU Member States and makes recommendations. Vulnerability disclosure has become the focus of attention of cybersecurity experts engaged in strengthening the cybersecurity resilience of the European Union. The valid source of concern comes from the cybersecurity threats looming behind vulnerabilities, as demonstrated by the impact of the Log4Shell vulnerability. Security researchers and ethical hackers constantly scrutinise … More →
Synopsys released a report which examines the results of more than 2,400 audits of commercial and proprietary codebases from merger and acquisition transactions, and highlights trends in open source usage within commercial and proprietary applications and provides insights to help developers better understand the interconnected software ecosystem. The report also details the pervasive risks posed by unmanaged open source, including security vulnerabilities, outdated or abandoned components, and license compliance issues. The findings underscore the fact … More →
Here’s an overview of some of last week’s most interesting news, articles and interviews: Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521) On this April 2022 Patch Tuesday, Microsoft has released patches for 128 CVE-numbered vulnerabilities, including one zero-day exploited in the wild (CVE-2022-24521) and another (CVE-2022-26904) for which there’s already a PoC and a Metasploit module. Critical Microsoft RPC runtime bug: No PoC exploit yet, but patch ASAP! (CVE-2022-26809) Since Microsoft’s latest … More →
Three days have passed since Microsoft’s latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. It’s easy to see why: it may be exploited by unauthenticated, remote attackers to breach systems and by attackers that already have access to a system and want to hop on others on the same network. It can also be exploited without the vulnerable system’s user doing anything at all (aka “zero-click” exploitation). About … More →
Cyber crooks have begun exploiting CVE-2022-22954, an RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. About CVE-2022-22954 CVE-2022-22954 is, in effect, a server-side template injection vulnerability that can be triggered by a malicious actor with network access to achieve remote code execution. It was reported to VMware privately, and a fix and a workaround for it were released on April 6, along with fixes for seven other … More →
In this video for Help Net Security, Yakir Kadkoda, Lead Security Researcher, and Assaf Morag, Lead Data Analyst at Aqua Security, talk about new npm flaws that allow attackers to target packages for account takeover. Npm is the default package manager for Node.js, an open-source, cross-platform JavaScript runtime environment. The npm command line client allows users to access the npm Registry, which hosts a multitude of public and paid-for private packages. Recently, the npm Registry … More →