itsecuritywire.com
Action1 Introduces Continuous Patch Compliance with Automated Remediation of Security Vulnerabilities
Action1 Corporation, provider of the #1 cloud-native patch management platform designed for work-from-anywhere organizations, today released the new version of its solution. Updated Action1 helps internal IT departments and managed service providers (MSPs) intelligently automate patching and remediation of security vulnerabilities across their endpoints and monitor patching results in real-time. Consequently, the new version enables organizations to mitigate security and non-compliance risks in response to escalating cyber threats and strengthened regulations by ensuring continuous patch compliance.
itsecuritywire.com
NSA Exposes Chinese Hackers Exploiting Zero-Day Citrix Flaw
Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that a Chinese hacking group has already been caught exploiting the vulnerability. Citrix alerted users to CVE-2022-27518, a pre-auth remote code execution bug affecting the Citrix ADC...
itsecuritywire.com
CISA Warns of Vulnerabilities in Veeam Backup & Replication Used in Attacks
Two vulnerabilities affecting Veeam’s Backup & Replication product have been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) list of known exploited vulnerabilities. On Tuesday, CISA added five vulnerabilities to its database, including ones that affect products from Veeam, Fortinet, Microsoft, and Citrix. The list now...
itsecuritywire.com
VMware Patches VM Escape Flaw Exploited at Geekpwn Event
The leader in virtualization technology, VMware, released emergency updates on Tuesday to address three security flaws in various software programs, including a virtual machine escape bug that was used in the GeekPwn 2022 hacking competition. Yuhao Jiang, an Ant Security researcher, exploited the VM escape vulnerability, referred to as CVE-2022-31705,...
itsecuritywire.com
Siemens Fixes 80 OpenSSL and OpenSSH Switch Flaws in ICS Patch Tuesday
With their December 2022 Patch Tuesday updates, industrial behemoths Siemens and Schneider Electric have fixed more than 140 vulnerabilities. Significantly more advisories and vulnerabilities were patched by Siemens. The business specifically published 20 new advisories that addressed about 140 security holes. Although Microsoft stated on Tuesday that it is taking...
itsecuritywire.com
Security Companies Alert Microsoft about Signed Drivers Applied to Kill EDR, AV Processes
Several cybersecurity firms have warned Microsoft that cybercriminals have been utilizing signed malicious drivers to terminate antivirus (AV) and endpoint detection and response (EDR) processes. Microsoft released an advisory to inform users about drivers approved by its Windows Hardware Developer Program being used by threat actors in post-exploitation activity, such...
itsecuritywire.com
Balbix Declares Industry-First Capabilities to Map Software Vulnerabilities and Endpoint Security Controls to the MITRE ATT&CK Framework
Balbix, the leader in cybersecurity posture automation, announced new platform capabilities to automatically map software vulnerabilities and endpoint security controls to the MITRE ATT&CK Framework. These new capabilities enable organizations to determine their unmitigated cyber risk accurately and better prioritize vulnerabilities for remediation. Security teams can use this information to reduce cyber risk faster and improve how they report risk to senior leadership and the board.
itsecuritywire.com
Core Aspects of Digital Immune Systems
Many cybersecurity experts are exploring opportunities to strengthen their cybersecurity posture by ingraining digital immunity into their business operations. Businesses-critical operations are becoming increasingly dependent on technology. This is especially true in hybrid work environments where success is dependent on providing seamless digital experiences across every device, no matter where employees are based. Irrespective of the immense benefits of hybrid work models and large-scale adoption of the cloud, it has also exposed businesses to various threats and risks. There is a tremendous amount of data generated in the cybersecurity field today. Previously enterprises used to operate on very few insights from their data. Enterprises that want to develop a resilient business network need to have a data-driven defense strategy that acts as a digital immune system that enables them to stay secure from various sophisticated threats.
itsecuritywire.com
Interpres Security Strenghtens Executive Team With Leaders From Devo Technology, the NSA and Mandiant
Interpres Security (Interpres), a company dedicated to helping companies optimize their security performance with a comprehensive new approach to managing the defense surface, today announced the appointment of three top executive hires. The expanded team will help Interpres pursue its mission of helping companies optimize the effectiveness of their current security stack.
itsecuritywire.com
Addressing the Security Risks Associated with Cloud Data
Since cloud storage and computing have made it feasible for every company to transform into an AI-backed, intelligent digital company, businesses will never return to their former data and security postures. Businesses need to modify how they use and store critical data in the cloud in a sensible way. Technology...
itsecuritywire.com
Delinea Presents Developers with Additional Flexibility and Security for Coded Credentials
Delinea, a leading provider of Privileged Access Management (PAM) solutions for seamless security, today announced the newest release of DevOps Secrets Vault, its high-speed vault for DevOps and DevSecOps teams. The latest features include Bring Your Own Key (BYOK), GitHub action integration, and user interface improvements that provide developers with enhanced flexibility and additional credential security controls when connecting application layers across cloud infrastructure.
itsecuritywire.com
SecurityGen launches 5G Cyber-security Lab
SecurityGen, the award-winning global provider of security solutions and services for the telecoms industry, today announced the launch of its new 5G Cyber-security Lab. This Lab is an innovative solution designed to help MNO security teams study and understand 5G networks, thus enabling them to prepare and protect their networks against potential security threats.
itsecuritywire.com
Hacker Alleges FBI’s Critical Infrastructure Portal Was Breached
A hacker who allegedly posed as the CEO of a financial institution claims to have gained access to the more than 80,000-member database of InfraGard, an outreach program run by the FBI that shares sensitive information on national security and cybersecurity threats with public officials and private sector actors who operate U.S. critical infrastructure.
itsecuritywire.com
Google Launches Vulnerability Scanner for Open Source Developers
This week, Google unveiled OSV-Scanner, a free scanner that open-source programmers can use to get information on vulnerabilities that are pertinent to their projects. Software projects are more susceptible to supply chain attacks and the exploitation of undiscovered vulnerabilities due to their numerous dependencies. Google last year launched an open source vulnerability database and is now offering a front-end for that database in the form of the OSV-Scanner in an effort to increase the ecosystem’s security by assisting the community in classifying vulnerabilities in open source software.
itsecuritywire.com
Twitter Reacts to Recent Reports of Data Breach
In response to recent reports of data leaks, Twitter confirmed that the information exposed is the same as the one that circulated earlier this year. The social media juggernaut disclosed in August that user data was obtained using a vulnerability that had been patched in January but hadn’t yet been fixed. The admission followed reports that the vulnerability had been used to gather information on 5.4 million users. The flaw, which was discovered in June 2021, made it possible for hackers to find out whether a particular phone number or email address was connected to an active Twitter account, even for accounts where this information was supposed to be private.
itsecuritywire.com
Critical Challenges of Security Operations Centers (SOCs)
The first layer of protection for the firm is the Security Operations Centers (SOCs) analysts. To protect their company from cyber-attacks, enterprises must properly train their employees and give them the right tools. Cyberattacks is also constantly getting more sophisticated; and the modern CISO is now accepting this reality and...
itsecuritywire.com
Wiz Introduces Free Cloud Framework to Drive Community-Backed Security
Wiz, the leading cloud security platform that rapidly enables customers to find and remove critical cloud risks, today announced its newest project, The PEACH framework, a tenant isolation framework for cloud applications. This framework will enable industry-wide collaboration and provide cloud customers and cloud application developers with the necessary guidance to build cloud services securely and prevent critical risks in the implementation process.
itsecuritywire.com
SilverSky Raise Standards in MDR Services: with Continual Expert-Led Cyber Range Services
SilverSky, a cybersecurity innovator offering powerful managed detection and response (MDR) services, today announced the expansion of the SilverSky Cyber Range. As part of SilverSky’s current technology offers, its new 24-hour team of cybersecurity experts provides ever-growing and time-sensitive protections not available through most MDR providers. The SilverSky Cyber...
itsecuritywire.com
Lacework appoints Niels Provos as Head of Security Efficacy
Lacework®, the data-driven cloud security company, today announced the appointment of Niels Provos as the company’s first Head of Security Efficacy. Provos brings nearly two decades of industry experience in creating healthy engineering teams that build security infrastructure and systems that solve cloud security problems at scale. He puts a particular emphasis on treating security as an engineering problem.
itsecuritywire.com
CyberData Pros collaborates with Mastercard’s RiskRecon to launch global cybersecurity protection for businesses around the world
Cybersecurity experts, CyberData Pros, collaborate with RiskRecon, a Mastercard Company, to provide threat prevention services for clients worldwide. Specializing in data security, compliance, consulting and due diligence, CDP analysts provide solution-oriented awareness and implementation routes to improve and eliminate security risks for clients. RiskRecon is a SaaS platform that analyzes...
