featured Archives - Page 28 of 75 - Cyber Security Minute

Product showcase: Adaptive Shield SaaS Security Posture Management

Issued by: Help Net Security

Whether it’s Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring that these apps’ security settings are properly configured falls on the security team. The challenge lies within how burdensome this responsibility is: 1. Each app…

Software Security

U.S. Government, Tech Giants Discuss Open Source Software Security

Issued by: Security Week

The recent disclosure and exploitation of vulnerabilities affecting the widely used Log4j logging utility have once again highlighted the importance of open source security and software supply chain security. The goal of the White House summit was to identify ways to improve the security of open source software and effectively support the open source community….

Network Security

Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws

Issued by: Security Week

Of the newly patched security flaws, nine are rated high-severity while six carry a “medium-severity” rating. The most important of these issues is CVE-2022-22746, a race condition leading to the bypass of full-screen notification on Windows machines. Next in line is CVE-2022-22743, another fullscreen spoof, this time affecting the browser window. The bug could allow…

Software Security

Apache Foundation Calls Out Open-Source Leechers

Issued by: Security Week

“[The] community is defined by those who show up and do the work. Companies that build open source into their products rarely participate in their continued maintenance,” the ASF said in a position paper published ahead of a high-level White House meeting on open-source software security. “Only a tiny percentage of downstream companies (reusing the…

Malware & Threats

Attackers Hitting VMWare Horizon Servers With Log4j Exploits

Issued by: Security Week

The warning comes almost exactly one month after the first disclosure of a Log4j remote code execution vulnerability that threatens major damage on the internet and heightens the urgency for enterprise defenders to find and fix the issue. According to an advisory from NHS Digital, attackers are exploiting the critical vulnerability in the Apache Tomcat…

Application Security, Cloud Security, Network Security

Recorded Future Acquires SecurityTrails in $65M Deal

Issued by: Security Week

With this transaction, Somerville, Mass.-based Recorded Future gets a direct entry into the competitive continuous Attack Surface Management (ASM) business and new technology to help organizations with real-time visibility into networks and servers exposed to malicious actors. The $65 million deal comes less than a year after Recorded Future announced an early-stage investment in SecurityTrails…

Network Security

IoT’s Importance is Growing Rapidly, But Its Security Is Still Weak

Issued by: Security Week

The weakest link in most digital networks is the person sitting in front of the screen – the defining feature of the Internet of People (IoP). Because that’s where, through cunning and manipulative tactics, unsuspecting recipients can be tricked into opening toxic links. Little do they know, however, they’ve unwittingly opened the gates to digital…

Network Security

The Right to Work and Non-Competes in the Security Industry

Issued by: Security Week

I’d like to discuss the right to work. Security professionals have that right, and unfortunately, from time to time, certain individuals, organizations, or companies try to take that right away. In this piece specifically, I’d like to focus on the issue of non-competes. I understand that companies have employees sign non-competes. This is a common…

Vulnerabilities

Albanian Prime Minister Apologizes Over Database Leak

Issued by: Security Week

A file containing the personal identity card numbers, employment and salary data of some 637,000 people became public this week and was widely shared through messaging apps. Prime Minister Edi Rama said the leak is being investigated. “According to a preliminary analysis, it looks more like an internal infiltration rather than an outside … cyber-attack,”…

Vulnerabilities

400,000 Individuals Affected by Email Breach at West Virginia Healthcare Company

Issued by: Security Week

Mon Health says it became aware of the intrusion on July 28, when a vendor notified it of a payment that had not come through. An investigation launched into the matter revealed that adversaries likely had unauthorized access to the email system between May 10 and August 15, 2021. As part of the incident, cybercriminals…