Search results for: vulnerability

ransomware payments

2021 average ransoms paid by quarter was $167K, down 44.2%

In reviewing the evolving cyber risk landscape, a Corvus Insurance report includes a breakdown of the impact of zero-days and third-party risk, updates on ransom severity, ransomware claims rate, and a review of recent key vulnerabilities. Ransomware claims, costs, and severity One of the best indicators of overall cybercrime activity is the rate of ransomware claims in the Corvus book of business. Based on claims data, after all of the dire headlines throughout 2021 the … More

security platform

Finite State Exploit Intelligence enables security teams to improve visibility into device software

Finite State launched its new Exploit Intelligence capability, enabling security practitioners to incorporate threat-based intelligence into product security prioritization. As the threat landscape grows, it becomes harder for device manufacturers to know which vulnerabilities to prioritize. Meanwhile, hackers are growing more sophisticated in their attacks and continue publishing exploit kits – collections of exploits that less sophisticated threat actors can deploy autonomously. According to cvedetails.com, more than 11% of almost 173,000 vulnerabilities in the National … More

Enclave

Product showcase: Enclave – using zero trust network access to simplify your networks

A huge number of Internet-accessible systems are protected by the principle of connect, then authenticate. This includes VPNs, web applications, databases, Windows Servers with RDP endpoints exposed, and more. Having a “private” system which is publicly-accessible means that connecting parties must connect before they can authenticate, an approach which means your private system is one phishing email, brute-force attempt or zero-day vulnerability away from being breached. Enclave is a new way to protect private systems. … More

Appointments

Industry leaders launch OT Cyber Coalition to protect critical infrastructure from growing threats

A diverse group of cybersecurity leaders joined together to launch the Operational Technology Cybersecurity Coalition (OT Cyber Coalition). Founding members include Claroty, Forescout, Honeywell, Nozomi Networks, and Tenable, each with decades of experience in building, protecting, and defending our nation’s industrial control systems and critical infrastructure assets. The OT Cyber Coalition advocates for vendor-neutral, interoperable, and standards-based cybersecurity solutions and works collaboratively with industry and government stakeholders on how to best deploy data-sharing solutions that … More

Patch Tuesday

Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521)

On this April 2022 Patch Tuesday, Microsoft has released patches for 128 CVE-numbered vulnerabilities, including one zero-day exploited in the wild (CVE-2022-24521) and another (CVE-2022-26904) for which there’s already a PoC and a Metasploit module. Vulnerabilities of note CVE-2022-24521 is a vulnerability in the Windows Common Log File System Driver that was reported to Microsoft by the National Security Agency (NSA) and Adam Podlosky and Amir Bazine of Crowdstrike. “Since CVE-2022-24521 only allows a privilege … More

blockchain

Cybersecurity must be at the forefront of a blockchain project

In this video for Help Net Security, Dr. Dmitry Mikhailov, CTO at Farcana Metaverse, talks about cybersecurity in the crypto industry and the vulnerability of a blockchain project. Crypto industry is very young, but has a huge capitalization. Many companies all over the world try to introduce new services and minimize go to market time. All this race for new cybersecurity products, is leaving cybersecurity far behind. Many companies ignore time-consuming security measures, but at … More

week in review

Week in review: Disrupted Cyclops Blink botnet, public software apps at risk, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and interviews: April 2022 Patch Tuesday forecast: Spring is in the air (and vulnerable) March Patch Tuesday releases followed in the footsteps of February with low numbers of CVEs reported and resolved, and all updates rated as important except one critical update for Microsoft Exchange Server. Log4Shell exploitation: Which applications may be targeted next? Spring4Shell (CVE-2022-22965) has dominated the information security news these … More

patch

April 2022 Patch Tuesday forecast: Spring is in the air (and vulnerable)

March Patch Tuesday releases followed in the footsteps of February with low numbers of CVEs reported and resolved, and all updates rated as important except one critical update for Microsoft Exchange Server. Could April Patch Tuesday provide the deluge of critical updates we were expecting last month? Security enhancements for Windows 11 Microsoft has clearly been busy working on security improvements in multiple arenas. Earlier this week, they announced an extensive set of security enhancements … More

infosec products

New infosec products of the week: April 8, 2022

Here’s a look at the most interesting products from the past week, featuring releases from ColorTokens, Forescout, Fortinet, IBM, Imperva, Keysight Technologies, and Orca Security. IBM z16 protects data and systems against current and future threats IBM unveiled IBM z16, IBM’s next-generation system with an integrated on-chip AI accelerator—delivering latency-optimized inferencing. This innovation is designed to enable clients to analyze real-time transactions, at scale — for mission-critical workloads such as credit card, healthcare and financial … More

connection

Steady rise in severe web vulnerabilities

Invicti Security released a research which reveals a rise in severe web vulnerabilities and the need for executive leaders to intertwine their application security and digital transformation efforts to reduce risk. The report examines web vulnerabilities from over 939 customers worldwide and was derived from the largest data set yet, with more than 23 billion security checks executed on customer applications uncovering over 282,000 direct-impact vulnerabilities. The data shows that numerous commonplace and well-understood vulnerabilities … More

security platform

ColorTokens Xcloud allows enterprises to address cloud security challenges

ColorTokens launched a new product, Xcloud. Xcloud’s agentless, automated, and deep scanning technology finds the most elusive threats across cloud and container environments without disruption. Xcloud combines vulnerability management, malware detection, and compliance monitoring all in one platform, saving time, resources, and cost. Customers worldwide can now gain access to Xcloud directly from AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, … More

Hand

How often do developers push vulnerable code?

A Tromzo report reveals developers remediate only 32% of vulnerabilities and regularly push vulnerable code. The report was based on a survey of more than 400 U.S.-based developers who work at organizations where they currently have CI/CD tools in place. “These findings show that developers regularly ignore security issues, but can we really blame them?” said Tromzo CTO Harshit Chitalia. “Security teams are bombarding them with an endless stream of issues that need to be … More