What's new around the internet


Src | Date (GMT) | Title | Tags / Stories | Notes
(the description of each entry follows on the line below it)

CSO | 2023-02-14 05:30:00 | Open Systems launches Ontinue MDR division, new MXDR service Ontinue ION (direct link) | Tags: Vulnerability | Notes: ★★
Managed security services provider Open Systems has announced the launch of Ontinue, a new managed detection and response (MDR) division. It has also unveiled a new managed extended detection and response (MXDR) service, Ontinue ION, along with a new add-on service called Managed Vulnerability Mitigation (MVM). Ontinue ION offers advanced capabilities that enable faster detection and response, a deeper understanding of a customer's environment and the ability to maximize Microsoft security investments for greater efficiency, according to the firm. MVM helps customers reduce risk by highlighting the vulnerabilities that pose the greatest threats via intelligence and understanding of users' environments, Open Systems added.

CSO | 2023-02-06 05:00:00 | OPSWAT mobile hardware offers infrastructure security for the air gap (direct link) | Tags: Vulnerability | Notes: ★★
Infrastructure protection vendor OPSWAT has announced the availability of its new MetaDefender Kiosk K2100 hardware, designed to provide a mobile option for users who want the company's media-scanning capabilities to work in the field. OPSWAT's MetaDefender line of kiosks is designed to address a potential security weakness for critical infrastructure defended by air gaps. In order to patch those systems, audit them, or move data among them, removable media like SD cards, USB sticks and sometimes even DVDs are used by field service personnel. The vulnerability of the removable media is therefore a potential problem, according to OPSWAT vice president of products Pete Lund, not least in the sense that that media could be used to move sensitive information off critical infrastructure.

CSO | 2023-02-03 13:13:00 | Critical vulnerability patched in Jira Service Management Server and Data Center (direct link) | Tags: Vulnerability | Notes: ★★★★
A critical vulnerability was fixed this week in Jira Service Management Server, a popular IT services management platform for enterprises, that could allow attackers to impersonate users and gain access to access tokens. If the system is configured to allow public sign-up, external customers can be affected as well. The bug was introduced in Jira Service Management Server and Data Center 5.3.0, so versions 5.3.0 to 5.3.1 and 5.4.0 to 5.5.0 are affected. Atlassian has released fixed versions of the software but has also provided a workaround that involves updating a single JAR file in impacted deployments. Atlassian Cloud instances are not vulnerable.

CSO | 2023-01-24 05:55:00 | ServiceNow to detect open source security vulnerabilities with Snyk integration (direct link) | Tags: Vulnerability | Notes: ★★
ServiceNow Vulnerability Response users will now have access to Snyk Open Source. This will represent the Israeli-US vendor's advanced software composition analysis (SCA) backed by Snyk's security intelligence, a combination of public sources, data from the developer community, proprietary expert research, machine learning, and human-in-the-loop AI. ServiceNow Vulnerability Response is part of ServiceNow Security Operations and connects the workflow and automation capabilities of the ServiceNow platform with vulnerability scan data from other vendors, which now includes Snyk's intelligence.
CSO.webp 2023-01-23 13:30:00 Attackers exploiting critical flaw in many Zoho ManageEngine products (lien direct) Users of on-premises deployments of Zoho ManageEngine products should make sure they have patches applied for a critical remote code execution vulnerability that attackers have now started exploiting in the wild. Technical details about the flaw along with a proof-of-concept exploit was released late last week, which will allow more attackers to add this exploit to their arsenal."The vulnerability is easy to exploit and a good candidate for attackers to 'spray and pray' across the Internet," researchers with penetration testing firm Horizon3.ai said in a blog post. "This vulnerability allows for remote code execution as NT AUTHORITY\SYSTEM, essentially giving an attacker complete control over the system. If a user determines they have been compromised, additional investigation is required to determine any damage an attacker has done."To read this article in full, please click here Vulnerability ★★
CSO.webp 2023-01-19 10:01:00 Many ICS flaws remain unpatched as attacks against critical infrastructure rise (lien direct) Patching vulnerabilities in industrial environments has always been challenging due to interoperability concerns, strict uptime requirements, and sometimes the age of devices. According to a recent analysis, a third of vulnerabilities don't even have patches or remediations available.Out of 926 CVEs -- unique vulnerability identifiers -- that were included in ICS advisories from the US Cybersecurity and Infrastructure Security Agency (CISA) during the second half of 2022, 35% had no patch or remediation available from the vendor, according to an analysis by SynSaber, a security company that specializes in industrial asset and network monitoring.To read this article in full, please click here Vulnerability Industrial ★★★
CSO.webp 2023-01-19 07:37:00 Why you don\'t have to fix every vulnerability (lien direct) The word “vulnerability” typically comes with a “must fix now” response. However, not all vulnerabilities should be treated equally because not all of them pose a risk. It all depends on what the data represents. In fact, some vulnerabilities are OK to deprioritize, depending on associated threats and the value of the asset at risk. For example, a lock on a 20th floor window of a building is not as important as one on the ground level, unless the contents of the room are so valuable that a thief would take the effort to access such an unreachable place. Scans reveal thousands of vulnerabilities across all assets – networks, applications, systems and devices – but they do not show which ones could lead to a damaging compromise if not fixed immediately. It is not about ignoring vulnerabilities; it is about prioritizing how you apply your resources to remediate them. Bay Dynamics provides some examples of vulnerabilities that are OK to put on the back burner.To read this article in full, please click here Vulnerability Guideline ★★
CSO.webp 2023-01-18 02:00:00 Why it\'s time to review your on-premises Microsoft Exchange patch status (lien direct) We start the patching year of 2023 looking at one of the largest releases of vulnerability fixes in Microsoft history. The January 10 Patch Tuesday update patched one actively exploited zero-day vulnerability and 98 security flaws. The update arrives at a time when short- and long-term technology and budget decisions need to be made.This is particularly true for organizations using on-premises Microsoft Exchange Servers. Start off 2023 by reviewing the most basic communication tool you have in your business: your mail server. Is it as protected as it could be from the threats that lie ahead of us in the coming months? The attackers know the answer to that question.To read this article in full, please click here Tool Vulnerability Patching ★★
CSO.webp 2023-01-13 12:01:00 Attackers deploy sophisticated Linux implant on Fortinet network security devices (lien direct) In December network security vendor Fortinet disclosed that a critical vulnerability in its FortiOS operating system was being exploited by attackers in the wild. This week, after additional analysis, the company released more details about a sophisticated malware implant that those attackers deployed through the flaw.Based on currently available information, the original zero-day attack was highly targeted to government-related entities. However, since the vulnerability has been known for over a month, all customers should patch it as soon as possible as more attackers could start using it.Remote code execution in FortiOS SSL-VPN The vulnerability, tracked as CVE-2022-42475, is in the SSL-VPN functionality of FortiOS and can be exploited by remote attackers without authentication. Successful exploitation can result in the execution of arbitrary code and commands.To read this article in full, please click here Malware Vulnerability ★★★
CSO.webp 2023-01-13 04:00:00 Royal ransomware group actively exploiting Citrix vulnerability (lien direct) The Royal ransomware group is believed to be actively exploiting a critical security flaw affecting Citrix systems, according to the cyber research team at cyber insurance provider At-Bay. Announced by Citrix on November 8, 2022, the vulnerability, identified as CVE-2022-27510, allows for the potential bypass of authentication measures on two Citrix products: the Application Delivery Controller (ADC) and Gateway.To read this article in full, please click here Ransomware Vulnerability ★★
CSO.webp 2023-01-11 15:37:00 Cybercriminals bypass Windows security with driver-vulnerability exploit (lien direct) The Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD) - a warning to security professionals that the technique, which exploits longstanding deficiencies in Windows kernel protections, is still being employed by cybercriminals, according to cybersecurity company CrowdStrike.In this latest BYOVD attack, which was observed and stopped by CrowdStrike's Falcon security system, Scattered Spider attempted to deploy a malicious kernel driver via a vulnerability - CVE-2015-2291 in MITRE's Common Vulnerability and Exposures program - in the Intel Ethernet diagnostics driver for Windows (iqvw64.sys).To read this article in full, please click here Vulnerability ★★
CSO.webp 2022-12-28 02:00:00 Log4Shell remains a big threat and a common cause for security breaches (lien direct) The Log4Shell critical vulnerability that impacted millions of enterprise applications remains a common cause for security breaches a year after it received patches and widespread attention and is expected to remain a popular target for some time to come. Its long-lasting impact highlights the major risks posed by flaws in transitive software dependencies and the need for enterprises to urgently adopt software composition analysis and secure supply chain management practicesLog4Shell, officially tracked as CVE-2021-44228, was discovered in December 2021 in Log4j, a widely popular open-source Java library that's used for logging. Initially disclosed as a zero-day, the project's developers quickly created a patch, but getting that patch widely adopted and deployed proved challenging because it relies on developers who used this component in their software to release their own updates.To read this article in full, please click here Vulnerability Threat ★★
CSO.webp 2022-12-15 02:00:00 Microsoft Exchange ProxyNotShell vulnerability explained and how to mitigate it (lien direct) Last year, two high severity, easily exploitable Microsoft Exchange vulnerabilities dubbed ProxyLogon and ProxyShell made waves in the infosec sphere. Nearly a year later, Exchange Server admins are met with another threat: ProxyNotShell, which in fact is a vulnerability chain comprising two actively exploited flaws: CVE-2022-41040 is a server-side request forgery (SSRF) vulnerability that an authenticated attacker can exploit for privilege escalation. This vulnerability occurs because the root cause of ProxyShell's path confusion flaw remains, as explained further below. CVE-2022-41082 is a deserialization flaw that can be abused to achieve remote code execution (RCE) in Exchange's PowerShell backend once it becomes accessible to the attacker.  Both vulnerabilities impact Microsoft Exchange Server on-premises and hybrid setups running Exchange versions 2013, 2016, and 2019 with an internet-exposed Outlook Web App (OWA) component.To read this article in full, please click here Vulnerability ★★★
CSO.webp 2022-12-14 06:00:00 Wiz debuts PEACH tenant isolation framework for cloud applications (lien direct) Cloud security vendor Wiz has announced PEACH, a tenant isolation framework for cloud applications designed to evaluate security posture and outline areas of improvement. The firm stated that the framework has been developed on the back of its cloud vulnerability research to tackle security challenges impacting tenant isolation.Security boundaries, incohesion, transparency impacting tenant isolation in cloud applications In a blog post, Wiz wrote that there have been several cross-tenant vulnerabilities in various multi-tenant cloud applications over the last 18 months. These include ExtraReplica and Hell's Keychain. “Although these issues have been reported on extensively and were dealt with appropriately by the relevant vendors, we've seen little public discussion on how to mitigate such vulnerabilities across the entire industry,” Wiz stated. What's more, the root cause of these vulnerabilities – improperly implemented security boundaries, usually compounded by otherwise harmless bugs in customer-facing interfaces – is significant, the firm added.To read this article in full, please click here Vulnerability ★★
CSO.webp 2022-12-08 02:00:00 Microsoft\'s rough 2022 security year in review (lien direct) We soon close out the security year of 2022. Only time will tell what 2023 will bring, but for IT and security admins of Microsoft networks, 2022 has been the year of blended attacks, on-premises Exchange Server flaws, and vulnerabilities needing more than patching to mitigate. Here's a month-by-month look at the past year.January: A bad start for on-premises Microsoft Exchange Server vulnerabilities It seems fitting that 2022 began with the release of the Microsoft Exchange Server remote code execution vulnerability (CVE-2022-21846). It raises the question for anyone still with an on-premises Exchange Server: Do you have the expertise to keep it safe especially if you are targeted? Exchange 2019 is the only version under mainstream support at this time. If you are still running Exchange Server 2013, it reaches end of support on April 11, 2023. Your window of opportunity to make an easy transition is closing. Migrate to Exchange online or on-premises Exchange 2019 or consider a different email platform completely.To read this article in full, please click here Vulnerability Patching ★★★★★
CSO.webp 2022-11-30 10:31:00 AWS\' Inspector offers vulnerability management for Lambda serverless functions (lien direct) Amazon Web Services has announced AWS Lambda serverless function support for its automated vulnerability management service, Amazon Inspector, and a new automated sensitive data discovery capability in its machine learning security and privacy service, Amazon Macie.Both announcements were made during the AWS Re:Invent 2022 conference in Las Vegas this week. They follow other security-focused AWS releases including the launch of Wickr, a new encrypted messaging service for enterprises and Amazon Security Lake, which centralizes an organization's security data from cloud and on-premises sources into a purpose-built data lake in its AWS account.To read this article in full, please click here Vulnerability ★★★
CSO.webp 2022-11-24 02:00:00 EPSS explained: How does it compare to CVSS? (lien direct) The Common Vulnerability Scanning System (CVSS) is the most frequently cited rating system to assess the severity of security vulnerabilities. It has been criticized, however, as not being appropriate to assess and prioritize risk from those vulnerabilities. For this reason, some have called for using the Exploit Prediction Scoring System (EPSS) or combining CVSS and EPSS to make vulnerability metrics more actionable and efficient. Like CVSS, EPSS is governed by the Forum of Incident Response and Security Teams (FIRST).To read this article in full, please click here Vulnerability
CSO.webp 2022-11-09 09:35:00 GitHub releases new SDLC security features including private vulnerability reporting (lien direct) GitHub has announced new security features across its platform to help protect the software development lifecycle (SDLC). These include private vulnerability reporting, CodeQL vulnerability scanning support for the Ruby programming language, and two new security overview options. The world's leading development platform said these updates make securing the SDLC end-to-end easier and more seamless for developers. The releases come as SDLC cybersecurity remains high on the agenda with research revealing an increase of almost 800% in software supply chain attacks.To read this article in full, please click here Vulnerability Guideline
CSO.webp 2022-11-09 03:00:00 Rezilion expands SBOM to support Windows environments (lien direct) Software security platform Rezilion has expanded its Dynamic Software Bill of Materials (SBOM) capability to support Windows environments. The firm said the move will provide organizations with the tools to efficiently manage software vulnerabilities and meet new regulatory standards, addressing functionality gaps of traditional vulnerability management tools primarily designed for use with Linux OS. Features include the ability to search and pinpoint vulnerable components, view Windows and Linux risk side by side in one UI, and tackle legacy vulnerability backlogs. The expansion comes as Microsoft vulnerabilities continue to plague organizations across the globe.To read this article in full, please click here Vulnerability
CSO.webp 2022-11-04 13:45:00 Qualys previews TotalCloud FlexScan for multicloud security management (lien direct) Vulnerability management vendor Qualys this week announced the trial availability of its TotalCloud with FlexScan offering, an agentless, cloud-native vulnerability detection and response platform designed for use in multicloud and hybrid environments.The software is designed to provide a holistic overview of an organization's cloud-based workloads and identify known vulnerabilities. The system also scans workloads to check whether they've opened network ports, and monitors a host of other factors to offer a detailed picture of a business' overall vulnerability status, tracking publicly exposed VMs (virtual machines), databases, user accounts and exploitable vulnerabilities in public-facing assets.To read this article in full, please click here Vulnerability
CSO.webp 2022-11-02 04:00:00 Azul detects Java vulnerabilities in production apps (lien direct) Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM. Vulnerability
CSO.webp 2022-10-19 12:03:00 Supply chain attacks increased over 600% this year and companies are falling behind (lien direct) The number of documented supply chain attacks involving malicious third-party components has increased 633% over the past year, now sitting at over 88,000 known instances, according to a new report from software supply chain management company Sonatype. Meanwhile, instances of transitive vulnerabilities that software components inherit from their own dependencies have also reached unprecedented levels and plague two-thirds of open-source libraries.“The networked nature of dependencies highlights the importance of having visibility and awareness about these complex supply chains,” Sonatype said in its newly released State of the Software Supply Chain report. “These dependencies impact our software so having an understanding of their origins is critical to vulnerability response. Many organizations did not have the needed visibility and continued their incident response procedures for Log4Shell well beyond the summer of 2022 as a result.”To read this article in full, please click here Vulnerability
CSO.webp 2022-10-10 07:17:00 Endor Labs offers dependency management platform for open source software (lien direct) Endor Labs came out of stealth on Monday and launched its Dependency Lifecycle Management Platform, designed to ensure end-to-end security for open source software (OSS). The software addresses three key things-helping engineers select better dependencies, helping organizations optimize their engineering, and helping them reduce vulnerability noise.The platform scans the source code and offers feedback to developers and security teams on what is potentially good and bad about the libraries. Based on this, developers can make better decisions on which dependencies or libraries to use, where to use them, and who should use them.To read this article in full, please click here Vulnerability
CSO.webp 2022-10-07 07:42:00 New cryptojacking campaign exploits OneDrive vulnerability (lien direct) Cryptojacking is turning into a security nightmare for consumers and enterprises alike. Malicious actors have used a variety of techniques to install cryptojackers on victims' computers and in a new development, cybersecurity software maker Bitdefender has detected a cryptojacking campaign that uses a Microsoft OneDrive vulnerability to gain persistence and run undetected on infected devices.Between May 1 and July 1, Bitdefender detected about 700 users who were affected by the campaign. The campaign uses four cryptocurrency mining algorithms-Ethash, Etchash, Ton and XMR- making an average of $13 worth of cryptocurrency per infected computer, Bitdefender reported this week.To read this article in full, please click here Vulnerability
CSO.webp 2022-10-05 12:15:00 North Korea\'s Lazarus group uses vulnerable Dell driver to blind security solutions (lien direct) The notorious North Korean state-sponsored hacker group Lazarus has begun exploiting a known vulnerability in an OEM driver developed by Dell to evade detection by security solutions. This is a prime example of why it's important to always keep third-party PC manufacturer software, which is often neglected, up to date, as well as to add vulnerable versions to blocklists.“The most notable tool delivered by the attackers was a user-mode module that gained the ability to read and write kernel memory due to the CVE-2021-21551 vulnerability in a legitimate Dell driver,” security researchers from antivirus firm ESET said in a recent report. “This is the first ever recorded abuse of this vulnerability in the wild. The attackers then used their kernel memory write access to disable seven mechanisms the Windows operating system offers to monitor its actions, like registry, file system, process creation, event tracing etc., basically blinding security solutions in a very generic and robust way.”To read this article in full, please click here Tool Vulnerability APT 38
CSO.webp 2022-10-03 02:00:00 11 old software bugs that took way too long to squash (lien direct) In 2021, a vulnerability was revealed in a system that lay at the foundation of modern computing. An attacker could force the system to execute arbitrary code. Shockingly, the vulnerable code was almost 54 years old-and there was no patch available, and no expectation that one would be forthcoming.Fortunately, that's because the system in question was Marvin Minsky's 1967 implementation of a Universal Turing Machine, which, despite its momentous theoretical importance for the field of computer science, had never actually been built into a real-world computer. But in the decade or so after Minsky's design, the earliest versions of Unix and DOS came into use, and their descendants are still with us today in the 21st century. Some of those systems have had bugs lurking beneath the surface for years or even decades.To read this article in full, please click here Vulnerability
CSO.webp 2022-09-26 13:59:00 Zoho ManageEngine flaw is actively exploited, CISA warns (lien direct) A remote code execution vulnerability in Zoho's ManageEngine, a popular IT management solution for enterprises, is being exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) added the flaw to its catalog of known exploited vulnerabilities last week, highlighting an immediate threat for organizations that haven't yet patched their vulnerable deployments.The vulnerability, tracked as CVE-2022-3540, was privately reported to Zoho in June by a security researcher identified as Vinicius and was fixed later that same month. The researcher posted a more detailed writeup at the beginning of this month and, according to him, it's a Java deserialization flaw inherited from an outdated version of Apache OFBiz, an open-source enterprise resource planning system, where it was patched in 2020 (CVE-2020-9496). This means that the Zoho ManageEngine products were vulnerable for two years due a failure to update a third-party component.To read this article in full, please click here Vulnerability Threat
CSO.webp 2022-09-09 07:40:00 Medical device vulnerability could let hackers steal Wi-Fi credentials (lien direct) A vulnerability found in an interaction between a Wi-Fi-enabled battery system and an infusion pump for the delivery of medication could provide bad actors with a method for stealing access to Wi-Fi networks used by healthcare organizations, according to Boston-based security firm Rapid7.The most serious issue involves Baxter International's SIGMA Spectrum infusion pump and its associated Wi-Fi battery system, Rapid7 reported this week. The attack requires physical access to the infusion pump. The root of the problem is that the Spectrum battery units store Wi-Fi credential information on the device in non-volatile memory, which means that a bad actor could simply purchase a battery unit, connect it to the infusion pump, and quicky turn it on and off again to force the infusion pump to write Wi-Fi credentials to the battery's memory.To read this article in full, please click here Vulnerability
CSO.webp 2022-09-06 01:00:00 The Heartbleed bug: How a flaw in OpenSSL caused a security crisis (lien direct) What is Heartbleed? Heartbleed is a vulnerability in OpenSSL that came to light in April of 2014; it was present on thousands of web servers, including those running major sites like Yahoo.OpenSSL is an open source code library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The vulnerability meant that a malicious user could easily trick a vulnerable web server into sending sensitive information, including usernames and passwords.The TLS/SSL standards are crucial for modern web encryption, and while the flaw was in the OpenSSL implementation rather than the standards themselves, OpenSSL is so widely used-when the bug was made public, it affected 17% of all SSL servers-that it precipitated a security crisis.To read this article in full, please click here Vulnerability Yahoo
CSO.webp 2022-09-01 16:46:00 Apple pushes out emergency updates to address zero-day exploits (lien direct) Apple has encouraged users of older mobile and desktop devices to update their software ASAP, as a vulnerability could allow an attacker to take complete control of older Apple devices. Vulnerability
CSO.webp 2022-08-29 02:00:00 Sorting zero-trust hype from reality (lien direct) It seems as if everyone is playing “buzzword bingo” when it comes to zero trust and its implementation, and it starts with government guidance. The White House's comments in January on the Office of Management and Budget's (OMB's) Federal Zero Trust Strategy for all federal agencies and departments were both pragmatic and aspirational. Their observation, citing the Log4j vulnerability as an example, sums it up nicely: “The zero-trust strategy will enable agencies to more rapidly detect, isolate, and respond to these types of threats.”To read this article in full, please click here Vulnerability
CSO.webp 2022-08-24 12:34:00 WannaCry explained: A perfect ransomware storm (lien direct) What is WannaCry? WannaCry is a ransomware worm that spread rapidly through across a number of computer networks in May of 2017. After infecting a Windows computer, it encrypts files on the PC's hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them.A number of factors made the initial spread of WannaCry particularly noteworthy: it struck a number of important and high-profile systems, including many in Britain's National Health Service; it exploited a Windows vulnerability that was suspected to have been first discovered by the United States National Security Agency; and it was tentatively linked by Symantec and other security researchers to the Lazarus Group, a cybercrime organization that may be connected to the North Korean government.To read this article in full, please click here Ransomware Vulnerability Medical Wannacry Wannacry APT 38
CSO.webp 2022-08-24 02:00:00 Why patching quality, vendor info on vulnerabilities are declining (lien direct) Those who apply security patches are finding that it's becoming harder to time updates and determine the impact of patching on their organizations. Dustin Childs of the ZDI Zero Day Initiative and Trend Micro brought this problem to light at the recent Black Hat security conference: Patch quality has not increased and in fact is getting worse. We are dealing with repatching bugs that weren't fixed right or variant bugs that could have been patched the first time.Childs also pointed out that vendors are not providing good information about the Common Vulnerability Scoring System (CVSS) risk to easily analyze whether to patch. The vendor might give a high CVSS risk score to a bug that wouldn't be easily exploited. I am having to dig more into details of a bug to better understand the risk of not applying an update immediately. Vendors are adding obscurity to bug information and making it harder to understand the risk.To read this article in full, please click here Vulnerability Patching
CSO.webp 2022-08-17 12:09:00 Universal database of device vulnerability information launched (lien direct) A universal database of agentless devices currently being used on enterprise networks has been announced by DeviceTotal. The new repository allows the company's customers to identify the accurate security posture for each device in their organization, according to the maker of a security platform for connected devices."It's difficult to get information on agentless devices because every vendor publishes their data the way they want to do it," explains DeviceTotal founder and CEO Carmit Yadin. "There's no standardization. There's no one place you can go today and identify the risk of a device on your network or that you want to purchase. That's why we created this repository."To read this article in full, please click here Vulnerability
CSO.webp 2022-08-16 05:30:00 Safe Security debuts two free risk assessment tools for businesses (lien direct) Cybersecurity risk assessment company Safe Security on Tuesday rolled out two new online risk assessment tools for businesses to use, in order to help them understand their vulnerability to cyberattacks and the costs of insuring against them.Both tools-an interactive cost calculator for cyberattacks and a cyberinsurance assessment app-are available as free-to-use web pages, created by Safe Security and based on the company's institutional knowledge and in-house research into cybersecurity risk factors.Risk tools measure financial impact of cyberthreats The cost calculator for cyberattacks takes into account general data-like revenue, number of employees, vertical, headquarters location and the types of records stores-to arrive at an “annual loss expectancy” figure, according to vice president of AI and cyber insurance at Safe Security, Pankaj Goyal. This measures the likelihood of an attack against the potential financial impact, breaking the potential harms down by the type of attack-currently ransomware, data breach, and business email compromise, but with more types on the way, according to Goyal.To read this article in full, please click here Vulnerability
CSO.webp 2022-08-16 02:00:00 Vulnerability eXploitability Exchange explained: How VEX makes SBOMs actionable (lien direct) The fallout of the SolarWinds cybersecurity incident, coupled with the Cybersecurity Executive Order (EO), put software supply chain security, and by association software bills of materials (SBOMs), center stage in the security dialog. Add the Log4j vulnerability, which left countless organizations scrambling to determine whether they were affected, and SBOMs are now a critical component of modern vulnerability management programs. To read this article in full, please click here Vulnerability
CSO.webp 2022-08-11 14:17:00 Top cybersecurity products unveiled at Black Hat 2022 (lien direct) Zero trust security management, extended detection and response (XDR), and a host of other threat and vulnerability management offerings were among the top products and services launched at Black Hat USA 2022 this week in Las Vegas. Black Hat is an annual global conference of security professionals, enthusiasts and vendors, serving as a stage for innovation in the cybersecurity field. The exhibition and conference is held annually in the US, Europe, Asia and the Middle East, with Las Vegas typically being the biggest event. Below are some of the more interesting product announcements from the show this week. To read this article in full, please click here Vulnerability Threat
CSO.webp 2022-08-10 07:37:00 Microsoft urges Windows users to run patch for DogWalk zero-day exploit (lien direct) Despite previously claiming the DogWalk vulnerability did not constitute a security issue, Microsoft has now released a patch to stop attackers from actively exploiting the vulnerability. Vulnerability
CSO.webp 2022-08-08 02:00:00 SBOM formats SPDX and CycloneDX compared (lien direct) Software bills of materials (SBOMs) are becoming a critical component of vulnerability management. Many organizations, however, are still wrestling with understanding fundamental topics in the SBOM discussion, such as the differences among the SBOM formats.What are SBOM formats? SBOM formats are standards for defining a unified structure for generating SBOMs and sharing them with end users or customers. They describe the composition of software in a common format that other tools can understand.The leading SBOM formats are Software Package Data Exchange (SPDX), Software Identification (SWID) Tagging, and CycloneDX. Only SPDX and CycloneDX are being adopted for security use cases. SWID is primarily focused on licensing and is therefore out of scope for this discussion. As the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and others have stated, we will have multiple SBOM formats for some time.To read this article in full, please click here Vulnerability Guideline
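The two SBOM rows above (the VEX explainer and the SPDX/CycloneDX comparison) describe the same workflow from two ends: an SBOM lists what is in the software, and VEX says which of the vulnerabilities matched against that list actually matter. The following is an added example serving both rows; it is not code from CSO, from the articles' author, or from the SPDX, CycloneDX or VEX projects. It normalizes a constructed CycloneDX JSON SBOM and a constructed SPDX JSON SBOM describing the same components into one component list, matches them against a constructed vulnerability feed, and then applies VEX statements so that only actionable findings remain. Assumptions: the SBOM documents, the feed and the purls are constructed; the VEX statements use a simplified flat shape (product, vulnerability, status, justification) rather than the exact CycloneDX VEX or CSAF nesting; the status and justification vocabularies are the VEX minimum-requirements values. The two CVE identifiers are real and genuinely affect log4j-core 2.14.1.

```python
# Added example, not code from the CSO articles or the SPDX, CycloneDX or VEX
# projects: normalize SPDX and CycloneDX JSON SBOMs to one component list,
# then apply VEX statements so only actionable findings remain.
import json

PURL_LOG4J = "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"
PURL_REQUESTS = "pkg:pypi/requests@2.25.1"

# Constructed CycloneDX 1.4 JSON SBOM listing two components.
CYCLONEDX_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1", "purl": PURL_LOG4J},
        {"type": "library", "name": "requests", "version": "2.25.1", "purl": PURL_REQUESTS},
    ],
})

# Constructed SPDX 2.3 JSON SBOM for the same components: different field
# names, and the purl lives in externalRefs rather than on the package.
def _spdx_pkg(spdx_id, name, version, purl):
    return {"SPDXID": spdx_id, "name": name, "versionInfo": version,
            "downloadLocation": "NOASSERTION",
            "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                              "referenceType": "purl", "referenceLocator": purl}]}

SPDX_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3", "dataLicense": "CC0-1.0",
    "SPDXID": "SPDXRef-DOCUMENT", "name": "example-app",
    "packages": [_spdx_pkg("SPDXRef-Package-log4j-core", "log4j-core", "2.14.1", PURL_LOG4J),
                 _spdx_pkg("SPDXRef-Package-requests", "requests", "2.25.1", PURL_REQUESTS)],
})

def parse_sbom(text):
    """Return sorted (name, version, purl) tuples from either format.
    Only fields needed for vulnerability matching are kept; licensing data,
    where the formats differ most, is ignored."""
    doc = json.loads(text)
    comps = []
    if doc.get("bomFormat") == "CycloneDX":
        for c in doc.get("components", []):
            comps.append((c["name"], c.get("version"), c.get("purl")))
    elif str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        for p in doc.get("packages", []):
            purl = next((r["referenceLocator"] for r in p.get("externalRefs", [])
                         if r.get("referenceType") == "purl"), None)
            comps.append((p["name"], p.get("versionInfo"), purl))
    else:
        raise ValueError("unrecognized SBOM format")
    return sorted(comps)

# Constructed feed keyed by purl, standing in for a scanner or NVD lookup.
# Both CVEs are real and do affect log4j-core 2.14.1.
VULN_FEED = {PURL_LOG4J: ["CVE-2021-44228", "CVE-2021-45046"]}

# Status and justification values from the VEX minimum requirements.
VEX_STATUSES = {"not_affected", "affected", "fixed", "under_investigation"}
VEX_JUSTIFICATIONS = {
    "component_not_present", "vulnerable_code_not_present",
    "vulnerable_code_not_in_execute_path",
    "vulnerable_code_cannot_be_controlled_by_adversary",
    "inline_mitigations_already_exist",
}

# Constructed VEX statements in a simplified flat shape; real CycloneDX VEX
# or CSAF documents nest the same information differently.
VEX_STATEMENTS = [
    {"product": PURL_LOG4J, "vulnerability": "CVE-2021-45046",
     "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path"},
    {"product": PURL_LOG4J, "vulnerability": "CVE-2021-44228",
     "status": "affected", "action_statement": "upgrade log4j-core to a fixed release"},
]

def actionable_vulnerabilities(components, feed, vex):
    """Match components to the feed, then drop a finding only when a
    well-formed VEX statement says not_affected (with a recognised
    justification) or fixed. No usable statement means the finding stays open."""
    index = {}
    for s in vex:
        if s.get("status") not in VEX_STATUSES:
            continue  # unknown status: ignore the statement, keep the finding
        if s["status"] == "not_affected" and s.get("justification") not in VEX_JUSTIFICATIONS:
            continue  # not_affected without a justification cannot be trusted
        index[(s["product"], s["vulnerability"])] = s
    findings = []
    for name, version, purl in components:
        for vuln in feed.get(purl, []):
            stmt = index.get((purl, vuln))
            status = stmt["status"] if stmt else "no_vex"
            if status not in ("not_affected", "fixed"):
                findings.append({"component": name, "version": version,
                                 "vulnerability": vuln, "status": status})
    return findings

if __name__ == "__main__":
    for sbom in (CYCLONEDX_SBOM, SPDX_SBOM):
        for f in actionable_vulnerabilities(parse_sbom(sbom), VULN_FEED, VEX_STATEMENTS):
            print(f)
```

Run as a script, the block prints one finding per SBOM: CVE-2021-44228 with status affected. CVE-2021-45046 is suppressed because a justified not_affected statement covers it. The design choice worth noting is that absence of VEX is never treated as safe: a statement with an unknown status, or a not_affected without a justification, is discarded and the finding stays open, which is what keeps a VEX feed from becoming a quiet way to hide vulnerabilities.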
CSO.webp 2022-08-04 02:00:00 11 stakeholder strategies for red team success (lien direct) Red teams are a necessary evil – literally – in today's cyber threat landscape. Motivations for engaging in offensive testing can range from regulatory requirements to certification aspirations. Truly proactive and progressive security programs incorporate offensive operations almost immediately as security is built and defined. Most organizations start with vulnerability scanning and then move into penetration testing (pentesting), which takes the vulnerability scan one step further: from guessing that a vulnerability could be exploited to proving exactly how it can be. Red team programs are often, incorrectly, treated as synonymous with pentesting, but red teaming is a very different function. To read this article in full, please click here Vulnerability Threat
CSO.webp 2022-07-29 11:25:00 CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG (lien direct) The US Cybersecurity and Infrastructure Security Agency (CISA) has been investigating attacks exploiting the Log4Shell vulnerability in third-party products like VMware Horizon and Unified Access Gateway (UAG). The agency published indicators of compromise (IOCs) collected from incidents it investigated as recently as June, highlighting the long-lasting impact of this vulnerability that's over six months old."From May through June 2022, CISA provided remote incident support at an organization where CISA observed suspected Log4Shell PowerShell downloads," the agency said in a report this week. "During remote support, CISA confirmed the organization was compromised by malicious cyber actors who exploited Log4Shell in a VMware Horizon server that did not have patches or workarounds applied."To read this article in full, please click here Vulnerability
CSO.webp 2022-07-29 09:15:00 Flashpoint says its VulnDB records vulnerabilities that MITRE CVE missed (lien direct) Cyberthreat intelligence company Flashpoint said in a report issued this week that it detected a total of 11,860 vulnerabilities in the first half of 2022, almost a third of which were missed or not detailed by the public MITRE CVE (Common Vulnerabilities and Exposures) database. The report, "State of Vulnerability Intelligence," covers disclosures, that is, security vulnerabilities in hardware and software products reported by vendors and cybersecurity researchers, collected in Flashpoint's in-house vulnerability intelligence database, VulnDB. Flashpoint said there were large discrepancies between the severity and classification of vulnerabilities recorded in VulnDB and those recorded in MITRE's CVE database and the NVD maintained by NIST (the US National Institute of Standards and Technology). NIST and MITRE coordinate their findings and report similar vulnerabilities. Flashpoint urged organizations to rely on more comprehensive and specific sources for a clear understanding of the vulnerability landscape. To read this article in full, please click here Vulnerability
CSO.webp 2022-07-19 02:00:00 10 industry-defining security incidents from the last decade (lien direct) The last decade has seen its fair share of watershed moments that have had major implications on the cybersecurity landscape. Severe vulnerabilities, mass exploitations, and widespread cyberattacks have reshaped many aspects of modern security. To take stock of the past 10 years, cybersecurity vendor Trustwave has published the Decade Retrospective: The State of Vulnerabilities blog post featuring a list of what it considers to be the 10 most prominent and notable network security issues and breaches of the last 10 years.“It is difficult to tell the complete story about the network security landscape from the past decade because security tools and event loggers have evolved so much recently that many of the metrics that we take for granted today simply did not exist 10 years back,” the blog read. “Nevertheless, the data that is available provides enough information to spot some significant trends. The most obvious trend, based on sources like the National Vulnerability Database (NVD), Exploit-DB, VulnIQ, and Trustwave's own security data, is that security incidents and individual vulnerabilities have been increasing in number and becoming more sophisticated,” it added.To read this article in full, please click here Vulnerability
CSO.webp 2022-07-19 00:01:00 Darktrace launches new PREVENT AI security products to pre-empt cyberthreats (lien direct) Darktrace has announced a new set of AI products designed to deliver proactive security and help organizations pre-empt cyberthreats. The PREVENT products are the latest additions to the firm's artificial intelligence (AI)-driven portfolio, which it says work together autonomously to optimize an organization's security posture through a continuous feedback loop. The firm said that the new products are based on breakthroughs from the company's Cambridge Cyber AI Research Centre and on capabilities gained through the acquisition of Cybersprint earlier this year. PREVENT products use AI to “think like an attacker.” In a press release, Darktrace stated that its two new PREVENT products use AI to “think like an attacker,” finding pathways to an organization's most critical assets from “inside and outside,” analyzing the attacks that would be most disruptive for the organization and feeding that information back to support continuous learning and automation to harden systems. PREVENT/E2E (End-to-End) uses an outcome-based approach to managing cyber risk, incorporating capabilities from multiple disciplines including attack path modelling, automated penetration testing, breach and attack emulation, security awareness testing and training, and vulnerability prioritization. To read this article in full, please click here Vulnerability
CSO.webp 2022-07-12 02:00:00 Locked in: How long is too long for security vendor contracts? (lien direct) Stephanie Benoit Kurtz thought she had a good deal when, in one of her former CISO roles, she signed a three-year contract with a vendor for vulnerability management as a service. Benoit Kurtz inked the deal thinking that her security operations program would make full use of all the offered features. But she found early in the three-year stretch that her team only used about 60% of them. She says she was in a bind: paying for a product that wasn't really the right fit, with no way to get out of the contract. “It's hard to go back to the manufacturer and say, 'I didn't need that module, so can I get my money back?' They don't seem to want to engage in that conversation,” says Benoit Kurtz, a former security executive who is now lead faculty for the College of Information Systems and Technology at the University of Phoenix. To read this article in full, please click here Vulnerability Guideline
CSO.webp 2022-07-07 14:39:00 Wiz offers CVE-like cloud vulnerability registry, but will it gain traction? (lien direct) Cloud security company Wiz recently announced a community-based website, cloudvulndb.org, that provides a centralized cloud vulnerabilities database for public access. While the database fills gaps left by MITRE's CVE vulnerability system and the current shared-responsibility model for cloud security issues, it will require additional, widespread industry support in order to be successful, according to security experts.The new vulnerability database is a continuation of Wiz's efforts to streamline the detection and management of cloud vulnerabilities which, it says, often tend to fall between the cracks among current systems.To read this article in full, please click here Vulnerability
CSO.webp 2022-07-05 03:40:00 SQL injection, XSS vulnerabilities continue to plague organizations (lien direct) Despite years topping vulnerability lists, SQL injection and cross-site scripting errors (XSS) remain the bane of security teams, according to a new report by a penetration-testing-as-a-service company.The report by BreachLock, based on 8,000 security tests performed in 2021, organizes its findings based on risk. Critical risk findings pose a very high threat to a company's data. High risks could have a catastrophic effect on an organization's operations, assets or individuals. Medium risks could have an adverse impact on operations, assets or individuals.To read this article in full, please click here Vulnerability Threat
CSO.webp 2022-06-29 02:00:00 Why more zero-day vulnerabilities are being found in the wild (lien direct) The number of zero-days exploited in the wild has been high over the past year and a half, with different kinds of actors using them. These vulnerabilities, which are unknown to the software maker, are leveraged by both state-sponsored groups and ransomware gangs. During the first half of this year, Google Project Zero counted almost 20 zero-days, most of which target products built by Microsoft, Apple and Google, with browsers and operating systems taking up large chunks. In addition, a critical remote code execution vulnerability was found in Atlassian's Confluence Server, which continues to be exploited. But in 2021, the number of in-the-wild zero-days was even higher: Project Zero found 58 vulnerabilities, while Mandiant detected 80, more than double the 2020 figure. To read this article in full, please click here Ransomware Vulnerability
CSO.webp 2022-06-23 11:08:00 Cisco reports vulnerabilities in products including email and web manager (lien direct) Cisco has issued an alert for a vulnerability in its email security and web management products that could allow an authenticated remote attacker to retrieve sensitive information from an affected device. An advisory issued by Cisco this week states that the vulnerability, found in the web management interface of Cisco Secure Email and Web Manager (formerly Cisco Security Management Appliance, CSMA) and Cisco Email Security Appliance (ESA), lets an authenticated attacker extract sensitive information through a Lightweight Directory Access Protocol (LDAP) server connected to the affected device. According to Cisco, the flaw is due to a design oversight in the querying process. LDAP is a protocol for accessing and maintaining distributed directory services; it is commonly used as an external authentication source on corporate intranets and the public internet. To read this article in full, please click here Vulnerability
Last update at: 2024-04-29 19:09:00