Positive Technologies Archives - Cyber Security Minute

Researcher Describes Potential Impact of Recently Patched SonicWall NSM Flaw

Issued by: Security Week

NSM is a firewall management application that provides the ability to monitor and manage all network security services from a single interface, as well as to automate tasks to improve security operations. The product is available for on-premises deployments or as a SaaS offering. Tracked as CVE-2021-20026 and featuring a CVSS score of 8.8, the…

Vulnerabilities

Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability

Issued by: Security Week

The flaw, tracked as CVE-2021-21972, affects the vSphere Client component of vCenter Server and it can be exploited by a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges on the operating system that hosts vCenter Server. While in most cases an attacker would need to have access to the targeted organization’s network in…

Network Security

The dark web is flooded with offers to purchase corporate network access

Issued by: Help Net Security

There is a flood of interest in accessing corporate networks on the dark web, according to Positive Technologies. In Q1 2020, the number of postings advertising access to these networks increased by 69 percent compared to the previous quarter. This may pose a significant risk to corporate infrastructure, especially now that many employees are working…

Application Security

High-risk vulnerabilities found in 1/3 of iOS apps, nearly half of Android apps

Issued by: Help Net Security

Expert testing of iOS and Android mobile applications shows that in most cases, insecure data storage is the most common security flaw in mobile apps. Positive Technologies’ yearly report, Vulnerabilities and Threats in Mobile Applications 2019, found that critical vulnerabilities are slightly more common in Android applications, compared to their iOS counterparts (43% vs. 38%)….

Malware & Threats

What do successful pentesting attacks have in common?

Issued by: Help Net Security

In external penetration testing undertaken for corporate clients in industrial, financial, and transport verticals in 2018, Positive Technologies found that, at the vast majority of companies, there were multiple vectors in which an attacker could reach the internal network. Full control of infrastructure was obtained on all tested systems in internal pentesting. In addition, the…