Search results for: vulnerability

week in review

Week in review: 5 Kali Linux tools, Spotify’s Backstage vulnerability, Cybertech NYC 2022

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: As trust in online spaces degrades, Canada bolsters resilience against cyber attacks In this Help Net Security interview, Sami Khoury, Head of the Canadian Centre for Cyber Security, talks about how Canada is addressing today’s top threats, touches upon his long career and offers tips for those new to the industry. Russian hacktivists hit Ukrainian orgs with ransomware – but … More

security platform

Tufin Enterprise simplifies cloud segmentation planning and management

Tufin releases Tufin Enterprise, which includes Tufin’s popular SecureCloud SaaS solution. The new release delivers a reimagined cloud-native security policy management console and a new integration with Microsoft Defender for Cloud. “We’ve worked closely with our customers to deliver more granular and flexible connectivity control in the cloud,” said Erez Tadmor, Director of Cloud Products at Tufin. “Tufin is the only agentless, multi-cloud solution that enables large and complex organizations to manage a hybrid-cloud security … More


Cyera partners with Wiz to accelerate cloud security

Cyera integrate with Wiz to provide prioritized attack surface minimization and automated remediation based on sensitive data exposure. Cyera leverages its Data Security Graph to help security teams quickly understand the blast radius that an active security threat or vulnerability represents, and how to respond to remediate the issue. “Wiz introduced a new approach to cloud security that enables organizations to embrace the cloud while reducing risk,” said Assaf Rappaport, CEO of Wiz. “Partnering with … More


SecuriThings and Axis join forces to improve customers’ end-to-end visibility and control

SecuriThings has strengthened its partnership with Axis Communications (Axis) to simplify and improve the operational management of physical security infrastructure. By introducing a deeper integration between Axis devices and the SecuriThings Horizon solution, the partnership helps customers gain end-to-end visibility and control — not only of their physical security devices, but also of these devices’ management systems and network dependencies. As a result, Axis and SecuriThings can better serve customers and allow systems integrators to … More


Why companies can no longer hide keys under the doormat

For good reason, companies trust in encryption, blockchain, zero trust access, distributed or multi-party strategies, and other core technologies. At the same time, companies are effectively hiding the keys that could undermine all these protections under a (figurative) doormat. Strong encryption is of little use when an insider or attacker can gain control of the private keys that protect it. This vulnerability exists when keys need to be executed on servers for processing. Encryption can … More

security platform

BitSight Third-Party Vulnerability Detection increases visibility into vendor risk

BitSight has enhanced its Third-Party Risk Management (TPRM) platform to provide additional insights to customers, helping them to more proactively detect and mitigate vulnerabilities and exposure across their third-party vendor ecosystem. BitSight also expanded its Fourth-Party Risk Management solution to increase visibility into risk across an organization’s extended supply chain and to help manage and prioritize mitigation efforts more efficiently. Third-Party Vulnerability Detection helps organizations to uncover, attribute, and prioritize vulnerabilities and exposures. Risk managers … More


Deepwatch partners with ePlus to provide organizations with managed security services

Deepwatch announced that ePlus Technology will begin offering Deepwatch’s managed security solutions as it helps organizations build and implement vital security programs. “We are excited to partner with ePlus in bringing cybersecurity solutions to more organizations,” said Lori Cornmesser, Senior Vice President of Global Channel Sales and Alliances at Deepwatch. “Together, ePlus and Deepwatch’s industry-leading MDR services offer a compelling value proposition to customers and partners. Our unique cloud-based SecOps platform delivers managed cybersecurity solutions … More


Swimlane and Nozomi Networks integration elevates the protection of OT and critical infrastructure

Swimlane and Nozomi Networks have announced a technology integration that combines low-code security automation with operational technology (OT) and Internet of Things (IoT) security. The combined solution makes it possible for industrial and critical infrastructure security operations to maintain continuous asset compliance and mitigate the risks of attacks from combined OT and IT entry points. Critical infrastructure environments such as healthcare, utilities, transportation and food production are increasingly seen as vulnerable and lucrative targets based … More


SSVC: Prioritization of vulnerability remediation according to CISA

Given that 2021 was a record year for new vulnerabilities published and threat actors became better at weaponizing vulnerabilities, timely and well-judged vulnerability prioritization and remediation are a goal all organizations should aspire to achieve. The US Cybersecurity and Infrastructure Security Agency (CISA) regularly publishes lists of the most exploited vulnerabilities and keeps a regularly updated Known Exploited Vulnerabilities catalog everyone is welcome to use, but as helpful as these resources are, organizations usually stumble … More


Critical vulnerability in Spotify’s Backstage discovered, patched

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is Backstage? Having more than 19,000 stars on Github, Backstage is one of the most popular open-source platforms for building developer portals and is in widespread use by Spotify, American Airlines, Netflix, Splunk, Fidelity Investments, Epic Games, Palo Alto Networks and many others. It unifies all infrastructure … More


Top enterprise email threats and how to counter them

A research from Tessian, the State of Email Security Report, found that enterprise email is now the No. 1 threat vector for cyberattacks. According to the report, 94% of organizations experienced a spear phishing or impersonation attack, and 92% suffered ransomware attacks over email this year. Organizations send and receive thousands of emails per day, making email a massive vulnerability for the enterprise and opening the door for advanced attacks like spear phishing, impersonation and … More


Key cybersecurity trends in the energy sector

The key trends for the energy industry are about how we manage the future supply and demand challenges at a much more granular level than we are currently able to do. If we’re ever to balance the supply and demand equation against the backdrop of increased consumer demands (electric vehicles, mass transport systems, electrification of home heating systems, etc.), and the increased complexity in the generation, distribution and storage systems, this supply and demand will … More