Search results for: vulnerability

key

Why companies can no longer hide keys under the doormat

For good reason, companies trust in encryption, blockchain, zero trust access, distributed or multi-party strategies, and other core technologies. At the same time, companies are effectively hiding the keys that could undermine all these protections under a (figurative) doormat. Strong encryption is of little use when an insider or attacker can gain control of the private keys that protect it. This vulnerability exists when keys need to be executed on servers for processing. Encryption can … More

security platform

BitSight Third-Party Vulnerability Detection increases visibility into vendor risk

BitSight has enhanced its Third-Party Risk Management (TPRM) platform to provide additional insights to customers, helping them to more proactively detect and mitigate vulnerabilities and exposure across their third-party vendor ecosystem. BitSight also expanded its Fourth-Party Risk Management solution to increase visibility into risk across an organization’s extended supply chain and to help manage and prioritize mitigation efforts more efficiently. Third-Party Vulnerability Detection helps organizations to uncover, attribute, and prioritize vulnerabilities and exposures. Risk managers … More

Handshake

Deepwatch partners with ePlus to provide organizations with managed security services

Deepwatch announced that ePlus Technology will begin offering Deepwatch’s managed security solutions as it helps organizations build and implement vital security programs. “We are excited to partner with ePlus in bringing cybersecurity solutions to more organizations,” said Lori Cornmesser, Senior Vice President of Global Channel Sales and Alliances at Deepwatch. “Together, ePlus and Deepwatch’s industry-leading MDR services offer a compelling value proposition to customers and partners. Our unique cloud-based SecOps platform delivers managed cybersecurity solutions … More

Handshake

Swimlane and Nozomi Networks integration elevates the protection of OT and critical infrastructure

Swimlane and Nozomi Networks have announced a technology integration that combines low-code security automation with operational technology (OT) and Internet of Things (IoT) security. The combined solution makes it possible for industrial and critical infrastructure security operations to maintain continuous asset compliance and mitigate the risks of attacks from combined OT and IT entry points. Critical infrastructure environments such as healthcare, utilities, transportation and food production are increasingly seen as vulnerable and lucrative targets based … More

CISA

SSVC: Prioritization of vulnerability remediation according to CISA

Given that 2021 was a record year for new vulnerabilities published and threat actors became better at weaponizing vulnerabilities, timely and well-judged vulnerability prioritization and remediation are a goal all organizations should aspire to achieve. The US Cybersecurity and Infrastructure Security Agency (CISA) regularly publishes lists of the most exploited vulnerabilities and keeps a regularly updated Known Exploited Vulnerabilities catalog everyone is welcome to use, but as helpful as these resources are, organizations usually stumble … More

Backstage

Critical vulnerability in Spotify’s Backstage discovered, patched

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is Backstage? Having more than 19,000 stars on Github, Backstage is one of the most popular open-source platforms for building developer portals and is in widespread use by Spotify, American Airlines, Netflix, Splunk, Fidelity Investments, Epic Games, Palo Alto Networks and many others. It unifies all infrastructure … More

email

Top enterprise email threats and how to counter them

A research from Tessian, the State of Email Security Report, found that enterprise email is now the No. 1 threat vector for cyberattacks. According to the report, 94% of organizations experienced a spear phishing or impersonation attack, and 92% suffered ransomware attacks over email this year. Organizations send and receive thousands of emails per day, making email a massive vulnerability for the enterprise and opening the door for advanced attacks like spear phishing, impersonation and … More

energy

Key cybersecurity trends in the energy sector

The key trends for the energy industry are about how we manage the future supply and demand challenges at a much more granular level than we are currently able to do. If we’re ever to balance the supply and demand equation against the backdrop of increased consumer demands (electric vehicles, mass transport systems, electrification of home heating systems, etc.), and the increased complexity in the generation, distribution and storage systems, this supply and demand will … More

Kali Linux tools

5 Kali Linux tools you should learn how to use

Kali Linux is a specialized Linux distribution developed by Offensive Security, designed for experienced Linux users who need a customized platform for penetration testing. Kali Linux also comes with several hundred specialized tools for carrying out penetration testing, security research, computer forensics, reverse engineering, vulnerability management, and red team testing. Here are 5 you should learn how to use. Aircrack-ng Aircrack-ng is a complete suite of tools to assess Wi-Fi network security, focusing on: Monitoring: … More

week in review

Week in review: Microsoft fixes many zero-days, malicious droppers on Google Play, IRISSCON 2022

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Taking cybersecurity investments to the next level In this Help Net Security interview, the former Trident Capital leader offers insight into innovation in the cybersecurity market, M&A activity, pitching to VCs, and more. Microsoft fixes many zero-days under attack November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark … More

security platform

Blackpoint Cyber releases three product features to strengthen security posture for organizations

Blackpoint Cyber has released three product features this fall to defend ever-evolving work environment from cyberthreats. “I am consistently blown away by the Blackpoint Cyber team. Our desire to improve the security posture for our partners is an ongoing journey as we continue to expand an ecosystem of products which address the needs of MSPs and customers in todays’ dynamic threat landscape. As someone with previous experience in the MSP space, it is refreshing to … More

New infosec products of the week: November 11, 2022

Here’s a look at the most interesting products from the past week, featuring releases from Acronis, Flashpoint, ImmuniWeb, Lacework, Picus Security, and Vanta. Flashpoint’s ransomware prediction model enables security teams to remediate vulnerabilities Flashpoint’s ransomware prediction model determines a Ransomware Likelihood rating that’s derived from a combination of factors, including exploit availability, attack type, impact, disclosure patterns, and other characteristics captured by VulnDB. This intelligence is critical to vulnerability management teams who often lack the … More