cybersecurity Archives - Page 23 of 108

High-Severity Vulnerabilities Patched in Omron PLC Programming Software

Issued by: Security Week

An advisory released earlier this month by Japan’s JPCERT/CC revealed that the product is affected by five use-after-free and out-of-bounds vulnerabilities, all with a CVSS score of 7.8. CX-Programmer, which is part of Omron’s CX-One automation software suite, is designed for programming and debugging Omron programmable logic controllers (PLCs). According to the U.S. Cybersecurity and…

Application Security

HelpSystems to Acquire MDR Services Firm Alert Logic

Issued by: Security Week

Terms of the agreement were not disclosed The company’s MDR solution augments customers’ existing cybersecurity resources to protect on-premise, cloud, SaaS, and hybrid environments, and meet regulatory requirements, including PCI DSS, HIPAA HITECH, GDPR, Sarbanes-Oxley (SOX), SOC 2, NIST 800-171 and 800-53, ISO 27001, COBIT, and more. Houston, Texas-based Alert Logic, which claims more than…

Malware & Threats

U.S. State Governments Targeted by Chinese Hackers via Zero-Day in Agriculture Tool

Issued by: Security Week

In a blog post published on Tuesday, cybersecurity research and incident response company Mandiant said it became aware of the campaign in May 2021, when it was called in to investigate an attack on a U.S. state government network. An analysis revealed that the attack had likely been carried out by a Chinese state-sponsored threat…

Malware & Threats

Cyberattack Knocks Thousands Offline in Europe

Issued by: Security Week

According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client. Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on…

Network Security

Enterprise IoT Security Firm Phosphorus Raises $38 Million

Issued by: Security Week

Phosphorus was founded in 2017 by Chris Rouland (CEO), Earle Ady (CTO), and Rebecca Rouland (CFO). Chris Rouland is no newcomer to start-ups., having previously founded Bastille and Endgame. He also stood up the X-Force division at IBM where he was CTO and Distinguished Engineer. Phosphorus was born from an epiphany. In 2016 Rouland read…

Malware & Threats

Mobile Malware Attacks Dropped in 2021 but Sophistication Increased

Issued by: Security Week

The cybersecurity firm’s products detected nearly 3.5 million malicious installation packages on mobile devices in 2021, far less than the 5.7 million detected in the previous year. However, it’s worth noting that the number recorded in 2021 is almost exactly the same as in 2019. A majority of these infection attempts targeted users in Asian…

Software Security

Open Source Code: The Next Major Wave of Cyberattacks

Issued by: Dark Reading

Open source software is ubiquitous. It has become an unequaled driver of technological innovation because organizations that use it don’t have to reinvent the wheel for common software components. However, the ubiquity of open source software also presents a significant security risk, as it opens the door for vulnerabilities to be introduced (intentionally or inadvertently)…

Cloud Security, Network Security

Security Analytics Firm Securonix Scores $1 Billion+ Growth Investment

Issued by: Security Week

The Addison, TX-based company offers a SaaS-based, multi-tenant security analytics, operations and response platform that provides visibility and advanced detection and response. According to Securonix, the massive funding will allow it to make significant investments in talent acquisition across engineering, cloud operations, threats labs, and sales and marketing. “We solve a very tough problem that…

Vulnerabilities

CISA Urges Organizations to Patch Recent Chrome, Magento Zero-Days

Issued by: Security Week

One of these is CVE-2022-24086, a critical-severity (CVSS score 9.8) vulnerability in Adobe Commerce and Magento. Described as an improper input validation bug, the security hole can be exploited to achieve remote code execution, without authentication. On Sunday, Adobe released an emergency advisory to warn that it had observed very limited attacks targeting CVE-2022-24086. The…

Malware & Threats

Mitigate Ransomware Risks With Modern Log Management

Issued by: Dark Reading

You might have the luxury of time when planning for a vacation, but cybersecurity teams do not have the time to hunt in the wrong haystack when responding to security incidents. Every second matters in the wake of an intrusion detection, as threat actors move quickly from the first breach point to various other points…