Search results for: vulnerability


The future of security protocols for remote work

Cybercrime has been growing rapidly for years, and the sudden pandemic-fueled shift to work from home (WFH) only accelerated the threat, forcing businesses to start putting a real focus on establishing solid security protocols and building a strong relationship with their cybersecurity vendors. In such a landscape, we can expect to see an influx of even more cybersecurity startups cropping up to join the many that already exist. We see especially great potential in cybersecurity … More


The rising threat of cyber criminals targeting cloud infrastructure in 2022

In the world of cybersecurity, combating threats is like playing endless, hyper-advanced, multidimensional Whack-A-Mole: new threats are always emerging, often from unexpected sources, and trying to keep up can feel impossible. The threats are constantly shifting, subject to trends in cryptocurrency use, geopolitics, the pandemic, and many other things; for this reason, a clear sense of the landscape is essential. Below, you’ll find a quick guide to some of the most pressing threats of the … More


Flashpoint acquires Risk Based Security to help businesses detect emerging cyber risks

Flashpoint announced it has acquired Risk Based Security (RBS), a Richmond, Virginia-based company specializing in vulnerability and data breach intelligence, as well as vendor risk ratings. The integration of RBS’s collections and technology into the Flashpoint platform offers a wide range of cybersecurity practitioners—including cyber threat intelligence (CTI), vulnerability management, DevSecOps, and vendor risk management teams—the contextual threat intelligence and automation they need to detect, prioritize, and thwart emerging cyber risks rapidly and holistically. “I … More


Pentera raises $150 million to grow its global operations and product line

Pentera announced it has raised $150 million in Series C funding led by K1 Investment Management, with participation from Evolution Equity Partners and Insight Partners. Additional investors include Awz Ventures, a Canadian-Israeli VC group, and Blackstone. The round brings Pentera’s valuation to $1 billion after only three years in the market since the debut of its automated penetration testing technology. The funding makes Pentera the highest-valued company in its category. With more than 400 enterprise … More


2022 promises to be a challenging year for cybersecurity professionals

I am very glad to turn the page on 2021; however, I am not optimistic that 2022 will be remarkably better. I am hopeful that President Biden’s Executive Order 14028 and the Department of Homeland Security’s (DHS’s) Binding Operational Directive 22-01 (BOD 22-01) will help improve our cybersecurity practices and bolster our resilience, especially for mission critical and infrastructure protection. These mandates outline: Enhanced practices for prioritization and remediation of risk-based vulnerabilities, focusing on those … More

security platform

NormCyber smartbloc. offers visibility over cyber and data protection risks

NormCyber launched smartbloc., a fully managed service that provides businesses with complete visibility and control over both cyber and data protection risks. Each smartbloc. customer will be allocated their own Cyber Resilience Score, which has been designed to give business and technology leaders a near real-time view of the level of risk facing their organizations, as well as actionable insights on how to reduce their exposure. Reducing the risks associated with processes, people and technology … More

Patch Tuesday

Microsoft fixes wormable RCE in Windows Server and Windows (CVE-2022-21907)

The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server (CVE-2022-21907). Vulnerabilities of note: Among the publicly known flaws are a “critical” RCE in curl (CVE-2021-22947) and “important” RCE in libarchive (CVE-2021-36976) open source libraries, which have now been “fixed” in Windows 10, 11 and Server with the inclusion of the most recent versions of the libraries. But these … More


Small businesses are most vulnerable to growing cybersecurity threats

Many small and medium-sized businesses (SMBs) mistakenly assume (hope?) their size makes them a less appealing target to hackers, without realizing cyber criminals are eager to exploit the unique characteristics that make them even more vulnerable to cyber-attacks. While protecting digital resources may be easy for large companies that can afford to hire in-house cybersecurity staff and establish threat monitoring and endpoint detection infrastructure, this endeavor can often seem impossible for SMBs. All the while, … More


Eight resolutions to help navigate the new hybrid office model

Continuous review and improvement are crucial for a successful security program. As this year draws to a close, it is a good time to look back on 2021 and prepare a few resolutions for the new year. Adapting to the pandemic-created hybrid office model has proven to be one of the biggest challenges. I expect that securing a remote workforce, the growth of applications and services in the cloud, and improving security controls over the … More

week in review

Week in review: Discussing cybersecurity with the board, APT-style attacks, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and interviews:
January 2022 Patch Tuesday forecast: Old is new again. Let’s look at some recent events which will be influencing this month’s patch releases.
Ransomware attacks decrease, operators started rebranding. Positive Technologies experts have analyzed the Q3 2021 cybersecurity threatscape and found a decrease in the number of unique cyberattacks. However, there’s been an increase in the share of attacks against individuals, … More


January 2022 Patch Tuesday forecast: Old is new again

Welcome to 2022 and a new year of patch management excitement! I’m rapidly approaching 40 years working in this industry and I can honestly say there is rarely a dull day. If you are willing to take on the challenges presented, it is a great industry to work in and I hope you all are excited to start the new year too. Let’s look at some recent events which will be influencing this month’s patch … More


The Log4j debacle showed again that public disclosure of 0-days only helps attackers

On December 9, 2021, a (now deleted) tweet linking to a 0-day proof of concept (PoC) exploit (also now deleted) for the Log4Shell vulnerability on GitHub set the internet on fire and sent companies scrambling to mitigate, patch and then patch again as additional PoCs appeared. Public vulnerability disclosure – i.e., the act of revealing to the world the existence of a bug in a piece of software, a library, extension, etc., and releasing a … More