Search results for: vulnerability

security platform

Trend Micro Cloud Sentry identifies threats in business-critical cloud infrastructure

Trend Micro has unveiled a new protection deployment model that delivers great value to both security and development teams. Trend Micro identifies threats in minutes and delivers security findings with no performance impact and without removing data from the customer environment. “Trend Micro is the largest player in the cloud workload security market,” said Philip Bues, Research Manager, Cloud Security at IDC. “Security teams are struggling to keep up with the rapid pace of development … More

free cybersecurity resources

7 free cybersecurity resources you need to bookmark

CodeSec CodeSec is a CLI based tool which brings Contrast’s enterprise-level security testing right to your laptop. It allows you to run real-time SAST or Serverless scans and receive actionable results in a matter of minutes. Defendify Essentials Package Assess your cyber risk, test your network, and improve awareness with essential tools from Defendify: Cybersecurity assessments: Assess your cyber strengths, weaknesses, and opportunities for improvement. Vulnerability scanning: Identify and prioritize vulnerabilities in your organization’s external … More

week in review

Week in review: 5 free CISA resources, surviving a DDoS attack, Google to make Cobalt Strike useless

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google seeks to make Cobalt Strike useless to attackers Google Cloud’s intelligence research and applications team has created and released a collection of 165 YARA rules to help defenders flag Cobalt Strike components deployed by attackers. Fake subscription invoices lead to corporate data theft and extortion A threat actor dubbed Luna Moth has been leveraging social engineering and legitimate software … More

A flaw in ConnectWise Control spurred the company to make life harder for scammers

A vulnerability in popular remote access service/platform ConnectWise Control could have been leveraged by scammers to make compromising targets’ computers easier, Guardio researchers have discovered. By abusing the fully-featured 14-day trial option for that hosted cloud service, scammers are already taking advantage of the platform at no cost, but the vulnerability could have allowed them to remove an alert that can break the illusion the scammers are trying to create. What is ConnectWise Control? ConnectWise … More


Best practices for implementing a company-wide risk analysis program

For most organizations today, the threat surface is broad and getting broader. There are the obvious concerns like the user base, remote or BYOD computing, on-premises infrastructure, and cloud, SaaS, and virtual environments. But as companies and supply chains become more intertwined, CISOs need to look harder at off-prem and outsourced resources, or overseas suppliers and assets. The associated risk management programs are also constantly evolving, and that’s likely due to outside influences such as … More


Threat actors extend attack techniques to new enterprise apps and services

Perception Point announced the publication of a report, “The Rise of Cyber Threats Against Email, Browsers and Emerging Cloud-Based Channels“, which evaluates the responses of security and IT decision-makers at large enterprises and reveals numerous significant findings about today’s enterprise threat landscape. One key takeaway is that organizations are paying a hefty $1,197 per employee each year to address successful cyber incidents across email services, cloud collaboration apps or services, and web browsers, meaning that … More


Future-proofing asset and vulnerability intelligence in response to CISA’s BOD 23-01

Modern environments have become more dynamic and the need for equally progressive asset discovery techniques has intensified. The new Cybersecurity and Infrastructure Security Agency (CISA) Binding Operational Directive (BOD) 23-01 recognizes this fact. What is BOD 23-01? While it is only binding for US federal civilian agencies, the directive emphasizes the foundational asset discovery and intelligence capabilities all organizations must possess to be prepared for modern threats. Without the critical insight these capabilities provide, the … More

CISA free resources

5 free resources from the Cybersecurity and Infrastructure Security Agency (CISA)

The Cybersecurity and Infrastructure Security Agency (CISA) is an agency of the United States Department of Homeland Security. CISA is in charge of enhancing cybersecurity and infrastructure protection at all levels of government, coordinating cybersecurity initiatives with American U.S. states, and enhancing defenses against cyberattacks. To assist businesses in enhancing their security capabilities, CISA offers free cybersecurity products and services. Cyber Hygiene Vulnerability Scanning You can register for this service by emailing Scanning will start … More

week in review

Week in review: 5 Kali Linux tools, Spotify’s Backstage vulnerability, Cybertech NYC 2022

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: As trust in online spaces degrades, Canada bolsters resilience against cyber attacks In this Help Net Security interview, Sami Khoury, Head of the Canadian Centre for Cyber Security, talks about how Canada is addressing today’s top threats, touches upon his long career and offers tips for those new to the industry. Russian hacktivists hit Ukrainian orgs with ransomware – but … More

security platform

Tufin Enterprise simplifies cloud segmentation planning and management

Tufin releases Tufin Enterprise, which includes Tufin’s popular SecureCloud SaaS solution. The new release delivers a reimagined cloud-native security policy management console and a new integration with Microsoft Defender for Cloud. “We’ve worked closely with our customers to deliver more granular and flexible connectivity control in the cloud,” said Erez Tadmor, Director of Cloud Products at Tufin. “Tufin is the only agentless, multi-cloud solution that enables large and complex organizations to manage a hybrid-cloud security … More


Cyera partners with Wiz to accelerate cloud security

Cyera integrate with Wiz to provide prioritized attack surface minimization and automated remediation based on sensitive data exposure. Cyera leverages its Data Security Graph to help security teams quickly understand the blast radius that an active security threat or vulnerability represents, and how to respond to remediate the issue. “Wiz introduced a new approach to cloud security that enables organizations to embrace the cloud while reducing risk,” said Assaf Rappaport, CEO of Wiz. “Partnering with … More


SecuriThings and Axis join forces to improve customers’ end-to-end visibility and control

SecuriThings has strengthened its partnership with Axis Communications (Axis) to simplify and improve the operational management of physical security infrastructure. By introducing a deeper integration between Axis devices and the SecuriThings Horizon solution, the partnership helps customers gain end-to-end visibility and control — not only of their physical security devices, but also of these devices’ management systems and network dependencies. As a result, Axis and SecuriThings can better serve customers and allow systems integrators to … More