Educational organizations massively vulnerable to cyber attacks
The education sector is facing a crisis as schools grapple with high levels of risk exposure – driven in large part by complex IT environments and digitally savvy student populations – that have made them a prime target for cybercriminals and ransomware attackers, according to Absolute. The summer months of 2019 saw the number of…
Why Fixing Security Vulnerabilities Is Not That Simple
It sounds simple: A scanner identifies a vulnerability, the vulnerability is patched. What happens in between, however, can be far from simple. Yet if you are not on a security team or, more specifically, a vulnerability management team, you would never know the bumpy, winding road that often stretches between scanning and patching. The Patch…
Employees are mistakenly confident that they can spot phishing emails
While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work, according to a Webroot survey. Further, nearly half (48%) of respondents said their personal or financial data had…
Critical vulnerabilities uncovered in Danfoss SCADA product, patch now!
Risk Based Security uncovered multiple vulnerabilities in the AK-EM 800 product from SCADA vendor Danfoss. The discovered vulnerabilities Researchers found two critical vulnerabilities. One is effectively a backdoor into highly privileged functionality to manage the software. Although this backdoor was likely created to help the vendor’s support team log into systems to assist their clients,…
Digital transformation helps companies work smarter yet makes them vulnerable to breaches
While digital transformation helps companies work smarter, there is a risk that the ongoing digitization may unlock a host of security vulnerabilities that can cost companies money, time, intellectual property, and customer trust, according to a Canon survey. All organizations surveyed across a range of verticals experienced an alarming amount of cyber threats over the…
ICS security: Popular building management system vulnerable to takeover
Security researchers found a remotely exploitable critical vulnerability in a building management system used by businesses, hospitals, factories and other organizations to control things like ventilation, temperature, humidity, air pressure, lighting, secure doors and more. The vendor has released a firmware update, but hundreds of these systems are still exposed on the internet, highlighting the…
Orgs Doing More App Security Testing but Fixing Fewer Vulns
Enterprise organizations are scanning more applications for security vulnerabilities than ever before, but, troublingly, they are remediating fewer of their discoveries because of the sheer volume. As it has for the past 13 years, WhiteHat Security recently analyzed data from the results of application security tests the company performed at customer locations last year. The…
IoT explodes worldwide, researchers investigate security issues present in the devices real users own
About 40 percent of households across the globe now contain at least one IoT device, according to Avast. In North America, that number is almost double, at 66 percent, bringing with it an associated growth in cybersecurity risks. The findings have been published in a new research paper “All Things Considered: An Analysis of IoT…
Growing reliance on open source libraries leaves many companies vulnerable
Organizations are becoming increasingly dependent on open source libraries (OSLs) to develop code for software and websites. However, Jing Xie, senior threat intelligence researcher for Venafi, warns that the growing reliance on OSLs for software development leaves many companies vulnerable to trust-based attacks. Cybercriminals use trust attacks to maliciously manipulate and insert code into open…
Vulnerability Leaves Container Images Without Passwords
Nearly one in five of the most popular containers available on the Docker store have no password for root access. That’s the finding of researcher Jerry Gamblin, building on work by researchers at Cisco Talos. The result could easily be hundreds of thousands of containers deployed with no functional password at all. The finding is…