vulnerability

Vulnerabilities

Issued by: Help Net Security

How mainstream media coverage affects vulnerability management

For better or for worse, mainstream media is increasingly covering particularly dangerous, widespread or otherwise notable security vulnerabilities. The growing coverage has made more people aware of the risks and of the need to keep their various devices (software) up-to-date and, with the increased digitization of our everyday lives, I would say that’s a definitive…

Network Security

Issued by: Help Net Security

Legacy infrastructures and unmanaged devices top security risks in the healthcare industry

The proliferation of healthcare IoT devices, along with unpartitioned networks, insufficient access controls and the reliance on legacy systems, has exposed a vulnerable attack surface that can be exploited by cybercriminals determined to steal personally identifiable information (PII) and protected health information (PHI), in addition to disrupting healthcare delivery processes. Published in the Vectra 2019…

Vulnerabilities

Issued by: Dark Reading

There May be A Ceiling on Vulnerability Remediation

Security has no shortage of metrics — everything from the number of vulnerabilities and attacks to the number of bytes per second in a denial-of-service attack. Now a new report focuses on how long it takes organizations to remediate vulnerabilities in their systems — and just how many of the vulnerabilities they face they’re actually…

Malware & Threats

Issued by: Dark Reading

New Google+ Breach Will Lead to Early Service Shutdown

As vulnerabilities go, it was the best sort: found by internal testing before it led to a security breach. Nevertheless, the latest Google+ software vulnerability was enough to push forward shutting down the service: Google now says it will be shuttered by April 2019 rather than the originally planned August 2019. According to Google, the…

Malware & Threats

Issued by: CSO

7 warning signs of an insider threat

Employees conducting attacks on their own employees – known as insider threats – are becoming increasingly common and costly. According to a CA report, over 50 percent of organizations suffered an insider threat-based attack in the previous 12 months, while a quarter say they are suffering attacks more frequently than in the previous year. Ninety…

Vulnerabilities

Issued by: Help Net Security

Helping researchers with IoT firmware vulnerability discovery

John Toterhi, a security researcher with IoT security company Finite State, believes that many of the security problems plaguing IoT devices are solvable problems through transparency. “Manufacturers who make their firmware public and follow GPL practices are doing themselves a huge favor: by making firmware public, manufacturers are enabling a world-wide network of the best…

Malware & Threats

Issued by: Help Net Security

Most Fortune 50 companies unprepared for major DNS attack

ThousandEyes has found that 68 percent of the top 50 companies on the Global Fortune 500 rankings are not adequately prepared for the next major attack on the DNS. Additionally, researchers found similar vulnerability among 44 percent of the top 25 SaaS providers, as well as 72% of the FTSE 100 companies. “Because Digital Experience…

Cloud Security

Issued by: Dark Reading

It Takes an Average 38 Days to Patch a Vulnerability

It takes over a month for the average organization to patch its most critical vulnerabilities, according to a new report detecting trends in Web application attacks. The data comes from tCell, which today released its Q2 2018 “Security Report for In-Production Web Applications.” Researchers analyzed more than 316 million security incidents across its customer base…

Vulnerabilities

Issued by: Help Net Security

Vulnerability in GnuPG allowed digital signature spoofing for decades

A vulnerability affecting GnuPG has made some of the widely used email encryption software vulnerable to digital signature spoofing for many years. The list of affected programs includes Enigmail and GPGTools. About the vulnerability (CVE-2018-12020) CVE-2018-12020, dubbed “SigSpoof” by Marcus Brinkmann, the researcher which found it, arises from “weak design choices.” “The signature verification routine…

Cloud Security

Issued by: Security Week

How Safe Are Your Assets in the Cloud?

The cloud environment is elastic and moves fast. That elasticity applies to cyberattacks just as much, so it is critical for enterprises to have visibility into all the data that crosses its network. While moving workloads and applications to the cloud brings flexibility and agility, it also introduces multiple points of attack.  Enterprises need to…