Why Fixing Security Vulnerabilities Is Not That Simple
It sounds simple: A scanner identifies a vulnerability, the vulnerability is patched. What happens in between, however, can be far from simple. Yet if you are not on a security team or, more specifically, a vulnerability management team, you would never know the bumpy, winding road that often stretches between scanning and patching. The Patch…
How Cybercriminals Exploit Simple Human Mistakes
“People make mistakes” is a common and relatable phrase, but it’s also a malicious one in the hands of cybercriminals, more of whom are exploiting simple human errors to launch successful attacks. The Information Security Forum (ISF) explored the topic in “Human-Centered Security: Addressing Psychological Vulnerabilities,” a new report published today. Human vulnerabilities, whether triggered…
The top 5 email encryption tools: More capable, better integrated
The world of email encryption has changed significantly in the past few years. The leading tools are evolving, each in their own way: HPE/Voltage SecureMail is now part of Micro Focus, part of an acquisition of other HPE software products Virtru Pro has extended its product with new features and integrations Inky no longer focuses…
6 biggest healthcare security threats for 2020
Consumers are more worried now about their protected health information (PHI) being compromised, thanks to high-profile breaches like Anthem and Allscripts. The recent RSA Data Privacy Report surveyed 7,500 consumers in Europe and the US. It showed that 59 percent of the respondents were concerned about their medical data being compromised. Thirty-nine percent were worried…
It’s Not Healthy to Confuse Compliance with Security
Cyberattackers’ interest in healthcare organizations continues to increase. In 2018, there were 284 breaches reported on the US Department of Health and Human Services (HHS) breach portal and 27 so far in 2019. According to InfoSec Institute, “nearly 95 percent of all medical and health care institutions have been victims of some form of cyberattack.”…
Critical vulnerabilities uncovered in Danfoss SCADA product, patch now!
Risk Based Security uncovered multiple vulnerabilities in the AK-EM 800 product from SCADA vendor Danfoss. The discovered vulnerabilities Researchers found two critical vulnerabilities. One is effectively a backdoor into highly privileged functionality to manage the software. Although this backdoor was likely created to help the vendor’s support team log into systems to assist their clients,…
Cardholders still dropping the ball when it comes to basic ID theft prevention
Four in 10 people with a credit or debit card have provided their full Social Security number in an online form in the past month, according to a new report from CompareCards, as Americans continue to wrestle with how best to combat identity theft two years after the Equifax data breach. For the second straight…
Digital transformation helps companies work smarter yet makes them vulnerable to breaches
While digital transformation helps companies work smarter, there is a risk that the ongoing digitization may unlock a host of security vulnerabilities that can cost companies money, time, intellectual property, and customer trust, according to a Canon survey. All organizations surveyed across a range of verticals experienced an alarming amount of cyber threats over the…
ICS security: Popular building management system vulnerable to takeover
Security researchers found a remotely exploitable critical vulnerability in a building management system used by businesses, hospitals, factories and other organizations to control things like ventilation, temperature, humidity, air pressure, lighting, secure doors and more. The vendor has released a firmware update, but hundreds of these systems are still exposed on the internet, highlighting the…
Orgs Doing More App Security Testing but Fixing Fewer Vulns
Enterprise organizations are scanning more applications for security vulnerabilities than ever before, but, troublingly, they are remediating fewer of their discoveries because of the sheer volume. As it has for the past 13 years, WhiteHat Security recently analyzed data from the results of application security tests the company performed at customer locations last year. The…