enterprise
The most common exploit paths enterprises leave open for attackers
Exposed version control repositories, leaked secrets in public code repositories, a subdomain vulnerable to takover, exposed Amazon S3 buckets, and Microsoft Exchange Server …
Qbot – known channel for ransomware – delivered via phishing and Follina exploit
More than a week has passed since Microsoft acknowledged the existence of the “Follina” vulnerability (CVE-2022-30190), after reports of it being exploited in the …
40% of enterprises don’t include business-critical systems in their cybersecurity monitoring
Logpoint has announced findings from a recent poll to uncover the security and cost implications enterprises face with their existing IT infrastructure. The poll was targeted …
Microsoft Office apps are vulnerable to IDN homograph attacks
Microsoft Office apps – including Outlook – are vulnerable to homograph attacks based on internationalized domain names (IDNs). In practice, this means that users …
How cybercriminals are targeting executives at home and their families
Top executives and their families are increasingly being targeted on their personal devices and home networks, as sophisticated threat actors look for new ways to bypass …
Review: Hornetsecurity 365 Total Protection Enterprise Backup
Hornetsecurity 365 Total Protection Enterprise Backup is a cloud-based data protection and security solution that provides protection against spam, malware, and other advanced …
Verizon 2022 DBIR: External attacks and ransomware reign
There has been an alarming rise (13%) in ransomware breaches – a jump greater than the past 5 years combined, Verizon Business has revealed in its 2022 Data Breach …
VMware issues critical fixes, CISA orders federal agencies to act immediately (CVE-2022-22972)
VMware has released patches for a privately reported critical vulnerability (CVE-2022-22972) in VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize …
US warns of North Korean hackers posing as IT freelancers
Companies and other organizations should be careful when employing IT freelancers, lest they end up hiring North Korean hackers. The advice comes from the US Department of …
Mastering microsegmentation for enterprise applications
Network segmentation is one of the defensive practices used by many enterprises to stop the spread of malware in the ecosystem. Servers and databases are grouped together by …
Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)
A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered …
NIST updates guidance for cybersecurity supply chain risk management
The National Institute of Standards and Technology (NIST) has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks …