Search results for: vulnerability

patch

December 2022 Patch Tuesday forecast: Fine-tuning the connectivity

Microsoft wrapped up a lot of ‘loose ends’ last month with their November set of updates, but there is still some work to do before the end-of-year holiday season. The ProxyNotShell vulnerabilities were finally fixed, and we saw some improvements in the changes made to communication and authentication exchanges. However, there is some ‘fine tuning’ still needed based on the chatter from patch forums and articles in the news. Microsoft began introducing security hardening in … More

open source

Research reveals where 95% of open source vulnerabilities lie

New research from Endor Labs offers a view into the rampant but often unmonitored use of existing open-source software in application development and the dangers arising from this common practice. Open source vulnerabilities As just one example, the research reveals that 95% of all vulnerabilities are found in transitive dependencies – open-source code packages that developers do not select, but are indirectly pulled into projects. This is the first report from Station 9, a research … More

security platform

Rezilion updates its vulnerability risk determination tool MI-X

Rezilion has updated MI-X, its open-source tool developed by Rezilion’s vulnerability research team. Available as a download from the Github repository, MI-X already has more than 100 stars on GitHub since its debut in August 2022. The CLI tool is a free, open-source companion to Rezilion’s enterprise solution for software supply chain security and helps researchers and developers identify if containers and hosts are impacted by a specific vulnerability, thus allowing organizations to target remediation … More

security platform

Palo Alto Networks Medical IoT Security protects connected medical devices

Palo Alto Networks has released Medical IoT Security — the zero trust security solution for medical devices — enabling healthcare organizations to deploy and manage new connected technologies. Zero trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust by continuously verifying every user and device. “The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured. For … More

security platform

Tufin R22-2 helps companies consolidate network and cloud connectivity management

Tufin R22-2 release of the Tufin orchestration platform broadens visibility and control across cloud platforms, providing support for Fortinet SD-WAN and delivering access change automation and application connectivity troubleshooting. Companies with large, complex networks are facing a unique set of pressures. Global economic uncertainty is pushing them to do more with less, while the speed of business demands the adoption of increasingly heterogeneous IT systems. As a result, network security professionals and architects are seeking … More

security platform

Action1 unveils AI-based threat actor filtering to prevent illicit usage of its service

Action1 announced that it has upgraded its service with AI-based detection of abnormal user behavior and automated blocking of threat actors. With this upgrade, the company aims to combat the growing threat of scams and cyberattacks in which hackers misuse legitimate tools to deploy ransomware in corporate environments or connect to individuals’ computers to steal money and data. The Action1 enhancement helps ensure that any attempt at misuse is identified and terminated before cybercriminals accomplish … More

Google Chrome

Google Chrome zero-day exploited in the wild (CVE-2022-4262)

Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome (and Chromium), which is being exploited by attackers in the wild. No other technical details have been shared about this zero-day flaw, only that it was reported by security engineer Clement Lecigne of Google’s Threat Analysis Group (TAG), whose goal is to protect users from state-sponsored attacks and other advanced persistent threats. About CVE-2022-4262 With a “High” security … More

dark

Economic uncertainty will greatly impact the spread of cybercrime

Norton released its top cyber trends to watch in 2023, emphasizing that the economy will have the greatest impact on the spread of cybercrime next year. Experts predict the pressures associated with economic uncertainty and rising costs will create the perfect environment for scammers to take advantage of people when they are more vulnerable. It’s expected that cybercriminals will trick victims into surrendering personal information, emptying their bank accounts, or spending money for products, services … More

medical devices

Connected medical devices are the Achilles’ heel of healthcare orgs

The rising adoption of connected medical devices is accelerating cyberattacks, according to Capterra’s Medical IoT Survey of healthcare IT professionals. The survey also reveals that 67% of healthcare cyberattacks impact patient data and 48% impact patient care, an indication that rising security risks in the industry are leading to severe consequences in patient outcomes and privacy. The medical internet of things (IoT) is helping to make healthcare more convenient, efficient, and patient-centric. However, connected devices … More

week in review

Week in review: Log4Shell lingers, NIS2 directive adopted, LastPass breached (again)

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The top 200 most common passwords in 2022 are bad, mkay? According to NordPass’ latest list of top 200 most common passwords in 2022, “password” is the most popular choice, followed by “123456”, “123456789”, “guest” and “qwerty“. Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587) A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that has … More

security platform

Phylum Automated Vulnerability Reachability strengthens software supply chain security

Phylum has added Automated Vulnerability Reachability to its software supply chain security platform capabilities. With the ability to focus only on fixing what matters, security pros can end the deluge of false positives and developers can innovate with greater speed and confidence. This new introduction, combined with Phylum’s ability to block and prioritize open-source code risks, provides organizations with the comprehensive software supply chain security. Vulnerabilities represent a clear and present danger to the integrity … More

cloud complexity

Don’t ignore the security risks of limitless cloud data

Over the past two decades, technology has evolved to make it easy and affordable for companies to collect, store and use massive amounts of data. From AWS to Google Cloud to Snowflake, even startups and small businesses can quickly establish a mature data practice and use unprecedented amounts of information to inform and streamline operations. The exponential growth in our ability to manage and use data has provided tremendous benefits to business and society alike. … More