Search results for: vulnerability

week in review

Week in review: Microsoft fixes many zero-days, malicious droppers on Google Play, IRISSCON 2022

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Taking cybersecurity investments to the next level

In this Help Net Security interview, the former Trident Capital leader offers insight into innovation in the cybersecurity market, M&A activity, pitching to VCs, and more.

Microsoft fixes many zero-days under attack

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark … More

security platform

Blackpoint Cyber releases three product features to strengthen security posture for organizations

Blackpoint Cyber has released three product features this fall to defend the ever-evolving work environment from cyberthreats. “I am consistently blown away by the Blackpoint Cyber team. Our desire to improve the security posture for our partners is an ongoing journey as we continue to expand an ecosystem of products which address the needs of MSPs and customers in today’s dynamic threat landscape. As someone with previous experience in the MSP space, it is refreshing to … More

New infosec products of the week: November 11, 2022

Here’s a look at the most interesting products from the past week, featuring releases from Acronis, Flashpoint, ImmuniWeb, Lacework, Picus Security, and Vanta.

Flashpoint’s ransomware prediction model enables security teams to remediate vulnerabilities

Flashpoint’s ransomware prediction model determines a Ransomware Likelihood rating that’s derived from a combination of factors, including exploit availability, attack type, impact, disclosure patterns, and other characteristics captured by VulnDB. This intelligence is critical to vulnerability management teams who often lack the … More

How can CISOs catch up with the security demands of their ever-growing networks?

Vulnerability management has always been as much art as science. However, the rapid changes in both IT networks and the external threat landscape over the last decade have made it exponentially more difficult to identify and remediate the vulnerabilities with the greatest potential impact on the enterprise. With a record of 18,378 vulnerabilities reported by the National Vulnerability Database in 2021 and an influx of new attack techniques targeting increasingly complex and distributed environments, how … More

security platform

Flashpoint’s ransomware prediction model enables security teams to remediate vulnerabilities

Flashpoint announced a ransomware prediction model that allows vulnerability management teams to improve remediation efforts that could prevent cyber extortion events with VulnDB. According to the U.S. Treasury Department, financial institutions filed $1.2B in ransomware-related costs in 2021, nearly double the amount reported by banks in 2020. In order to help organizations proactively prevent a ransomware attack, Flashpoint’s latest capability enables vulnerability management teams to identify the likelihood that a particular vulnerability could be used … More

Appointments

Gerhard Eschelbeck joins Acalvio Board of Directors

Acalvio Technologies announced the appointment of Gerhard Eschelbeck to its board of directors. One of the most widely regarded experts on cybersecurity, network and system security, Eschelbeck previously served as Vice President Security and Privacy Engineering and CISO at Google and is currently Chief Information Security Officer at Kodiak Robotics. “Eschelbeck is an experienced leader in the cybersecurity space credited with launching inventive and successful companies. His passion for championing new technologies and developing successful … More

spotlight

Red, purple, or blue? When it comes to offensive security operations, it’s not just about picking one color

When people find out that I’ve spent much of my career being hired by companies to steal their secrets, they usually ask, “Are we doing enough? Do we need a red team?” The latter is not a question with a simple “yes” or “no” answer. Many companies want a red team to see how they would respond to a real targeted attack, but also because it’s cool to say to colleagues that hackers are lurking … More

How ransomware gangs and malware campaigns are changing

Deep Instinct released its 2022 Bi-Annual Cyber Threat Report which focuses on the top malware and ransomware trends and tactics from the first half of 2022 and provides key takeaways and predictions for the ever-evolving cybersecurity threat landscape. “2022 has been another record year for cyber criminals and ransomware gangs. It’s no secret that these threat actors are constantly upping their game with new and improved tactics designed to evade traditional cyber defenses,” said Mark … More

security platform

Lacework enhances CNAPP capabilities with attack path analysis and agentless vulnerability scanning

Lacework announced new cloud-native application protection platform (CNAPP) capabilities for the Polygraph Data Platform that provide improved attack path analysis and agentless workload scanning for secrets and vulnerabilities. These capabilities provide better visibility into today’s increasingly complex security environment, enabling organizations to instantly understand what matters so they can triage and respond faster. According to the latest Lacework Cloud Threat Report, attackers are rapidly increasing in sophistication, with a particular focus on infrastructure. Attackers constantly … More

security platform

Cybellum’s automated VEX generation capability enables security teams to focus on high risk threats

Cybellum announces automated Vulnerability Exploitability Exchange (VEX) generation capability, enhancing product security and facilitating vulnerability information sharing across the supply chain. In conjunction with Cybellum’s automated SBOM creation, manufacturers and asset owners can now automatically discover vulnerabilities within their devices and preemptively determine the risk level and exploitability of these vulnerabilities. This will significantly reduce the number of vulnerabilities that require immediate attention, enabling resources to be allocated only to the high risk threats. Software … More

Appointments

Finite State hires Larry Pesce as Product Security Research and Analysis Director

Finite State has hired Larry Pesce as its Product Security Research and Analysis Director. Pesce will serve as a senior consultant, providing expert guidance and services to product security teams worldwide, including product security program design and development, product red-teaming and penetration testing, software supply chain risk management, and vulnerability management. Recent research from the Ponemon Institute indicates that six of every ten organizations find it increasingly difficult to quickly respond to new vulnerability disclosures … More

Appointments

Bugcrowd appoints Dave Gerry as CEO

Bugcrowd announced the appointment of Dave Gerry as Chief Executive Officer (CEO). As CEO, Gerry will oversee operations, drive growth and profitability, and manage the company’s overall strategy. This appointment follows another year of rapid growth for the company, which has experienced record customer adoption of its crowdsourced cybersecurity solutions and represents the next step in Bugcrowd’s global expansion strategy. Bugcrowd partners with hundreds of clients including: CISA/Department of Homeland Security, BigCommerce, Monash University, TX … More