Trends that will shape the security industry in 2022
Entering 2022, the world continues to endure the pandemic. But the security industry has, no doubt, continued to shift, adapt, and develop in spite of things. Several trends have even accelerated. Beyond traditional “physical security,” a host of frontiers like AI, cloud computing, IoT, and cybersecurity are being rapidly pioneered by entities big and small…
Product showcase: Adaptive Shield SaaS Security Posture Management
Whether it’s Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring that these apps’ security settings are properly configured falls on the security team. The challenge lies within how burdensome this responsibility is: 1. Each app…
Enterprise data loss prevention market to reach $6.265 billion by 2026
The global enterprise data loss prevention market is projected to grow at a CAGR of 21.03% to reach $6.265 billion by 2026, from $1.647 billion in 2019, according to ResearchAndMarkets. The enterprise data loss prevention market is highly driven by the escalating demand for an optimized solution with a spike in cybersecurity threats to enterprises….
Log4Shell is a dumpster fire that should have been avoided
On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. Then again, so was every cybersecurity professional in the world. That all changed when the Apache Log4j project announced CVE-2021-44228 (aka Log4Shell) – a zero-day vulnerability in Log4j’s standardized method of handling log files…
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable. What’s more, it is already being leveraged by malware developers. About the flaw and the exploit Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day…
Products used by children are not nearly as privacy-protecting as they should be
Common Sense Media released a report examining kids’ privacy trends and practices of hundreds of popular technology companies and products over the last five years. The report is the culmination of evaluating privacy policy data from 200 of the most popular companies and products aimed at children and students. The report finds some improvements for…
Critical RCE in Palo Alto Networks (PAN) firewalls revealed, patch ASAP! (CVE-2021-3064)
The existence of a critical RCE vulnerability (CVE-2021-3064) affecting certain versions of Palo Alto Networks (PAN) firewalls using the GlobalProtect Portal VPN has been revealed by a cybersecurity company that exploited it during red team engagements for the last 12 months. The vulnerability has been patched, but since there are still over 10,000 vulnerable internet-facing…
Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205
Attackers are actively exploiting an “old” vulnerability (CVE-2021-22205) to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The additional bad news is that at least half of the 60,000 internet-facing GitLab installations the company detects are not patched against this issue. What are the attackers doing with these servers? Damian Menscher, a security…
MVSP: A minimum cybersecurity baseline to simplify vendor security assessment
Any organization that’s actively working on managing its cybersecurity risk can’t ignore the risk that goes with third-party vendors having access to its critical systems and customer data. “Up until today, organizations of all sizes have had to design and implement their own security baselines for vendors that align with their risk posture. Unfortunately, this…
A multi-party data breach creates 26x the financial damage of single-party breach
Cyentia Institute and RiskRecon released a research that quantifies how a multi-party data breach impacts many organizations in today’s interconnected digital world. The study is based on an analysis of 897 multi-party breaches involving three or more interrelated companies. The impact of multi-party data breach events 897 multi-party data breach incidents, also referred to as…
