The Black Basta ransomware emerged last month to target Windows-based systems only, but now the latest ransomware binary is going after VMware virtual machines (VMs). The latest variant looks to encrypt VMs present inside the volumes folder (/vmfs/volumes) on ESXi-based systems and servers, according to research shared with Dark Reading by Uptycs. It uses the…

Our nation is facing some of the most daunting cybersecurity challenges in history. As the new Office of the National Cyber Director (ONCD) gets fully staffed and running, little is more important to the nation’s security than making sure the right people are in the right places to address these dynamic challenges. Bringing private industry…

CyberCatch today announced the publication of its quarterly Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR) for Q1 2022 to alert small and medium-sized businesses (SMBs) to an alarming rise in vulnerabilities detected in Internet-facing websites, servers and applications. Of greatest concern, CyberCatch’s SMBVR has detected – for the first time in the report’s history –…

According to an advisory released Friday by the Microsoft 365 Defender Research Team, a total of four documented vulnerabilities were found – and fixed – in a mobile framework owned by mce Systems, an Israeli company that provides software to mobile carriers. “Coupled with the extensive system privileges that pre-installed apps have, these vulnerabilities could…

The vulnerability, tracked as CVE-2022-22972, affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. It allows a malicious actor who has network access to the UI to bypass authentication. Shortly after VMware released patches, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that threat actors would “quickly develop a capability to exploit CVE-2022-22972,”…

High-profile supply chain attacks like SolarWinds, Kaseya, Codecov, ua-parser-js and Log4j have put pressure on companies and governments to address the risks associated with open source and other software supply chain risks. President Biden’s May 2021 Executive Order includes supply chain attacks as an area of concern. More recently, on January 13, 2022, a…

As organizations grow, functions that started as one person’s job get split across multiple organizational units and multiple executives, often without thoughtful planning. Specialization enables experts to dig deep into each job but creates several problems: A lack of a single accountable executive (or worse, having multiple executives, each of whom manages part of the…

It’s more difficult than ever to protect our infrastructure, government, and businesses from becoming victims of well-funded, skilled adversaries. From the Log4j vulnerability to the SolarWinds hack to the Colonial Pipeline cyberattack, organizations are more vulnerable to cyberattacks than ever before. In fact, 87% of enterprises across 11 countries have fallen victim to cyberattacks in…