What can March Madness and 538 teach us about cybersecurity risk?
I love this time of year, with March Madness excitement in the air and my Notre Dame Fighting Irish still in the tournament (as of the writing of this column)! More importantly – yes, more importantly – I love monitoring the 538 March Madness prediction website to see how the chances of winning change through…
Ransomware, Malware-as-a-Service Dominate Threat Landscape
Red Canary’s 2022 Threat Detection Report (PDF) analyzed more than 30,000 confirmed threats across the firm’s customer base. The report notes that ransomware criminals have responded to improving target company backups by introducing sensitive data exfiltration and the threat of exposure (double extortion). “Backups will allow an organization to get back up and running more…
High-Severity UEFI Vulnerabilities Patched in Dell Enterprise Laptops
On March 10, Dell announced patches for five SMM vulnerabilities in the UEFI – the successor of the BIOS firmware interface – of 45 device models, including multiple Alienware, Inspiron, and Vostro laptop models. Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the high-severity security bugs (CVSS score of 8.2) are described as improper input…
3 factors impacting your cloud security
The move to the cloud has forced many CIOs to change how they think about security. Since much of the responsibility to secure infrastructure is now outsourced to cloud providers, CIOs need to focus higher in the stack to ensure that configurations are correct and data is not inadvertently exposed. As you assess your operations…
Attacks Abound in Tricky Threat Terrain: 2021 Annual Cybersecurity Report
The digital transformations that had enabled many enterprises to stay afloat amid the Covid-19 health crisis also brought about major upheavals in cybersecurity, the impact of which was still widely felt in 2021. Trend Micro detected and blocked more than 94 billion threats over the course of last year, keeping pace with malicious actors who…
Google Patches Critical Vulnerability With Chrome 99 Update
The critical flaw, tracked as CVE-2022-0971, has been described as a use-after-free issue affecting the Blink Layout component. Sergei Glazunov of Google Project Zero has been credited for reporting the flaw. Google doesn’t often assign a “critical severity” rating to Chrome vulnerabilities. In fact, over the past year, only four other Chrome updates fixed a…
Hackuity Emerges From Stealth With $13 Million in Funding
The Series A funding round was led by Sonae IM and received participation from previous investor Caisse des Dépôts. To date, the company has raised $17.2 million. Founded in 2018, the Lyon, France-based Hackuity is focused on helping cybersecurity teams identify, prioritize, and resolve vulnerabilities before threat actors start exploiting them. The company’s approach to…
HD Moore’s Rumble Raises $15M Series A Investment
The Austin, Texas-based Rumble on Monday announced it had banked a new $15 million in Series A financing from Decibel Partners and a laundry-list of boldface cybersecurity practitioners. Rumble, created by HD Moore (of Metasploit fame), sells technology to help defenders monitor exposed attack surfaces. The company said the new money will help accelerate go-to-market…
High-Severity Vulnerabilities Patched in Omron PLC Programming Software
An advisory released earlier this month by Japan’s JPCERT/CC revealed that the product is affected by five use-after-free and out-of-bounds vulnerabilities, all with a CVSS score of 7.8. CX-Programmer, which is part of Omron’s CX-One automation software suite, is designed for programming and debugging Omron programmable logic controllers (PLCs). According to the U.S. Cybersecurity and…
U.S. State Governments Targeted by Chinese Hackers via Zero-Day in Agriculture Tool
In a blog post published on Tuesday, cybersecurity research and incident response company Mandiant said it became aware of the campaign in May 2021, when it was called in to investigate an attack on a U.S. state government network. An analysis revealed that the attack had likely been carried out by a Chinese state-sponsored threat…
