Kovrr and SANS Institute released a joint survey that reveals enterprise motivations for, and the impact of, cyber risk quantification (CRQ) in the modern cybersecurity landscape. CRQ helps businesses evaluate the potential financial impact of cyber events on an organization and is becoming an increasingly critical part of risk management programs. The survey found that over 75%…

CISA and the FBI have made a series of recommendations to help SATCOM network providers and customers strengthen cybersecurity. Network providers have been advised to implement additional monitoring capabilities for anomalous traffic related to SATCOM equipment. They have also been advised to read a recent threat assessment report from the Office of the Director of…

SecurityWeek will host its 2022 Attack Surface Management Summit, Presented by Randori, as a fully immersive virtual event today. With the pandemic-induced digital transformation underway, security teams are turning to Attack Surface Management (ASM) tools to continuously discover, inventory, classify, prioritize, and monitor digital assets for signs of weaknesses. In this special virtual summit and…

The nonprofit cybersecurity organization is scanning the web for exposed services that use the Modbus industrial communications protocol on TCP port 502, but Shadowserver’s Piotr Kijewski told SecurityWeek that they plan on introducing many other ICS and operational technology (OT) protocol scans in the near future. Shadowserver has been working with national cybersecurity agencies, law…

One of these is CVE-2022-24086, a critical-severity (CVSS score 9.8) vulnerability in Adobe Commerce and Magento. Described as an improper input validation bug, the security hole can be exploited to achieve remote code execution, without authentication. On Sunday, Adobe released an emergency advisory to warn that it had observed very limited attacks targeting CVE-2022-24086. The…

This is a result of basic mechanics: “When one object exerts a force on a second object, the second one exerts a force on the first that is equal in magnitude and opposite in direction.” In cyber, it means that when defenses get stronger, attackers get more sophisticated; and when attackers get more sophisticated, defenses…

The new division provides clients with an integrated offering that combines cyber insurance with vulnerability scanning, email and endpoint security, and backup and recovery services. Headed by Bill Meara, who joins the company from private equity giant Abry Partners, Acrisure Cyber Services expands on the company’s existing products, including insurance, reinsurance, asset management, and real…

Mike Sentonas, CTO at CrowdStrike, comments, “Frankly put, supply chains are vulnerable, and adversaries are actively researching ways to take advantage of this. We haven’t nearly seen the end of these attacks, and the implications for each one are significant for both the victims and the victims’ customers and partners up and down the chain.”…

Of the newly patched security flaws, nine are rated high-severity while six carry a “medium-severity” rating. The most important of these issues is CVE-2022-22746, a race condition leading to the bypass of full-screen notification on Windows machines. Next in line is CVE-2022-22743, another fullscreen spoof, this time affecting the browser window. The bug could allow…