Why Vulnerable Code Is Shipped Knowingly
The push to develop and deploy applications faster has evolved from simply a goal for developers to a business-level priority that affects every organization’s bottom line. To meet this goal, companies have begun to de-silo development, operations, and security, moving toward a DevSecOps model to deliver increased agility and speed in the software development life…
Why Better Password Hygiene Should Be Part of Your New Year’s Resolutions
The world has been faced with numerous life lessons in 2020, but it’s clear that millions of people still haven’t learned one of the most basic when it comes to security. A new report from NordPass has revealed that millions of people still haven’t broken the habit of using easy-to-remember, but easy-to-hack passwords. Of the…
VMware releases workarounds for another critical flaw (CVE-2020-4006)
For the second time in less than a week, VMware is warning about a critical vulnerability (CVE-2020-4006). This time, the affected solutions are VMware Workspace One Access, Access Connector, VMware Identity Manager and VMware Identity Manager Connector. As some of these are components of the VMware Cloud Foundation (vIDM) and vRealize Suite Lifecycle Manager (vIDM)…
How the pandemic has accelerated existing risk trends
COVID-19 has reorganized the risk landscape for chief audit executives (CAEs), as CAEs have listed IT governance as the top risk for 2021, according to Gartner. Analysts said the pandemic is giving rise to new sets of risks while exacerbating long-standing vulnerabilities. Gartner conducted interviews and surveys from across its global network of client organizations…
Microsoft Releases Out-of-Band Update for Kerberos Authentication Issues
The issue is related to the PerformTicketSignature registry subkey value in CVE-2020-17049, a security feature bypass bug in Kerberos Key Distribution Center (KDC) that Microsoft fixed on November 2020 Patch Tuesday. CVE-2020-17049, the tech company explains in an advisory, resides in the manner in which KDC determines whether tickets are eligible for delegation via Kerberos…
VMware Patches Vulnerabilities Exploited at Chinese Hacking Contest
At the 2020 Tianfu Cup International PWN Contest, which took place earlier this month in China, participants earned a total of more than $1.2 million for exploits targeting Chrome, Safari, Firefox, Adobe Reader, Docker, VMware ESXi, CentOS, the iPhone, the Samsung Galaxy S20 phone, Windows, and routers from TP-Link and Asus. The 360 ESG Vulnerability…
Consumer behaviors and cyber risks of holiday shopping in 2020
While consumers are aware of increased risks and scams via the internet, they still plan to do more shopping online – and earlier – this holiday season, McAfee reveals. Thirty-six percent of Americans note they are hitting the digital links to give gifts and cheer this year, despite 60% feeling that cyber scams become more…
Cisco Webex Vulnerability Allows Ghost Access to Meetings
Identified by IBM’s security researchers, the Webex flaws could allow attackers to join meetings as ghosts (without being seen by other participants), remain in the meeting as a ghost after being expelled, and access information on meeting attendees (names, email addresses and IP addresses). Tracked as CVE-2020-3419, the first of the issues impacts both Webex…
Risk professionals expect a dynamic risk environment in 2021
A majority of audit and risk professionals believe the risk environment will continue to be dynamic and unpredictable in 2021, rather than returning to more stable pre-pandemic conditions, an AuditBoard survey finds. The top risk they cited for the coming year was of “economic conditions impacting growth,” followed closely by “cybersecurity threats.” The responses also…
6 security shortcomings that COVID-19 exposed
A year ago, in the fall of 2019, Mike Zachman ran a security drill for his company, Zebra Technologies Corp. Zachman, who as chief security officer oversees cybersecurity as well as product security and physical security, had focused the exercise on business continuity to determine how well the company’s plans would hold up. He had…
