itsecuritywire.com
Core Aspects of Digital Immune Systems
Many cybersecurity experts are exploring opportunities to strengthen their cybersecurity posture by ingraining digital immunity into their business operations. Businesses-critical operations are becoming increasingly dependent on technology. This is especially true in hybrid work environments where success is dependent on providing seamless digital experiences across every device, no matter where employees are based. Irrespective of the immense benefits of hybrid work models and large-scale adoption of the cloud, it has also exposed businesses to various threats and risks. There is a tremendous amount of data generated in the cybersecurity field today. Previously enterprises used to operate on very few insights from their data. Enterprises that want to develop a resilient business network need to have a data-driven defense strategy that acts as a digital immune system that enables them to stay secure from various sophisticated threats.
Security Companies Alert Microsoft about Signed Drivers Applied to Kill EDR, AV Processes
Several cybersecurity firms have warned Microsoft that cybercriminals have been utilizing signed malicious drivers to terminate antivirus (AV) and endpoint detection and response (EDR) processes. Microsoft released an advisory to inform users about drivers approved by its Windows Hardware Developer Program being used by threat actors in post-exploitation activity, such...
Living Security Collaborates with GuidePoint Security to Bring Leading Human Risk Management Solutions to a Broader Market
Living Security, the leader in Human Risk Management, today announced a strategic partnership with GuidePoint Security, a leading value-added reseller (VAR) enabling organizations to make smarter cybersecurity decisions and minimize their risk exposure. The collaboration will deliver Living Security’s industry-leading Human Risk Management solutions and security awareness training to even more organizations within GuidePoint Security’s ecosystem.
Vulcan Cyber and Four Inc. Collaborate to Bring Cyber Risk Management SaaS Platform to the Public Sector
Vulcan Cyber, developers of the cyber risk management platform for infrastructure, application and cloud vulnerabilities, today announced a partnership with Four Inc., a leading federal IT resale, financing, and contracts administration provider. Four Inc. will provide the Vulcan Cyber unified cyber risk and security posture management platform to the public sector through Four Inc.’s NASA Solutions for Enterprise-Wide Procurement (SEWPV), Information Technology Enterprise Solutions-Software 2 (ITES-SW2) contracts and its network of channel partners as part of Four Inc.’s boutique aggregation program. The program offers key elements to support and grow Vulcan Cyber business in the public sector.
VMware Patches VM Escape Flaw Exploited at Geekpwn Event
The leader in virtualization technology, VMware, released emergency updates on Tuesday to address three security flaws in various software programs, including a virtual machine escape bug that was used in the GeekPwn 2022 hacking competition. Yuhao Jiang, an Ant Security researcher, exploited the VM escape vulnerability, referred to as CVE-2022-31705,...
Wiz Introduces Free Cloud Framework to Drive Community-Backed Security
Wiz, the leading cloud security platform that rapidly enables customers to find and remove critical cloud risks, today announced its newest project, The PEACH framework, a tenant isolation framework for cloud applications. This framework will enable industry-wide collaboration and provide cloud customers and cloud application developers with the necessary guidance to build cloud services securely and prevent critical risks in the implementation process.
Action1 Introduces Continuous Patch Compliance with Automated Remediation of Security Vulnerabilities
Action1 Corporation, provider of the #1 cloud-native patch management platform designed for work-from-anywhere organizations, today released the new version of its solution. Updated Action1 helps internal IT departments and managed service providers (MSPs) intelligently automate patching and remediation of security vulnerabilities across their endpoints and monitor patching results in real-time. Consequently, the new version enables organizations to mitigate security and non-compliance risks in response to escalating cyber threats and strengthened regulations by ensuring continuous patch compliance.
Balbix Declares Industry-First Capabilities to Map Software Vulnerabilities and Endpoint Security Controls to the MITRE ATT&CK Framework
Balbix, the leader in cybersecurity posture automation, announced new platform capabilities to automatically map software vulnerabilities and endpoint security controls to the MITRE ATT&CK Framework. These new capabilities enable organizations to determine their unmitigated cyber risk accurately and better prioritize vulnerabilities for remediation. Security teams can use this information to reduce cyber risk faster and improve how they report risk to senior leadership and the board.
Addressing the Security Risks Associated with Cloud Data
Since cloud storage and computing have made it feasible for every company to transform into an AI-backed, intelligent digital company, businesses will never return to their former data and security postures. Businesses need to modify how they use and store critical data in the cloud in a sensible way. Technology...
Reasons Why Cybersecurity Compliance is Vital for Businesses
With the overwhelming impact of technology on businesses, cybersecurity compliance has been steadily gaining a place in the mainstream ensuring adherence to all the relevant cyber regulatory requirements and national and state-level cyber laws. As technology company tries their best to win the confidence of their customers and regulators, the...
CyberData Pros collaborates with Mastercard’s RiskRecon to launch global cybersecurity protection for businesses around the world
Cybersecurity experts, CyberData Pros, collaborate with RiskRecon, a Mastercard Company, to provide threat prevention services for clients worldwide. Specializing in data security, compliance, consulting and due diligence, CDP analysts provide solution-oriented awareness and implementation routes to improve and eliminate security risks for clients. RiskRecon is a SaaS platform that analyzes...
Adobe Patches 38 Flaws in Enterprise Software Products
Adobe resumed its regular Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in numerous enterprise-facing products after missing it last month. The San Jose, California-based software developer warned that the flaws could put users at risk of privilege escalation and code execution attacks on all types of computing platforms. The content management software used by corporate marketing teams, Adobe Experience Manager (AEM), has the most serious flaws. In the AEM Cloud Service (Release 2022.10.0), Adobe claimed to have fixed at least 33 bugs, and it issued a warning about the possibility of serious hacker attacks.
Interpres Security Strenghtens Executive Team With Leaders From Devo Technology, the NSA and Mandiant
Interpres Security (Interpres), a company dedicated to helping companies optimize their security performance with a comprehensive new approach to managing the defense surface, today announced the appointment of three top executive hires. The expanded team will help Interpres pursue its mission of helping companies optimize the effectiveness of their current security stack.
SecurityGen launches 5G Cyber-security Lab
SecurityGen, the award-winning global provider of security solutions and services for the telecoms industry, today announced the launch of its new 5G Cyber-security Lab. This Lab is an innovative solution designed to help MNO security teams study and understand 5G networks, thus enabling them to prepare and protect their networks against potential security threats.
FireTail, an API Security Company, Raises USD 5 Million
This week, API security startup FireTail announced that it had raised USD 5 million in an early-stage financing round, which was headed by Paladin Capital Group and included General Advance, Secure Octane, Zscaler, and angel investors. The Mclean, Virginia-based company, which was established in 2021, suggests a novel strategy for...
Implementing the Right Risk Assessment Methodology for the Organization
It is crucial to view risk assessment as a positive exercise that advances the goals of the organization and to translate the level of risk into its implications for reputation, operations, or finances. Adequate information security is built upon the risk assessment methodology, and there are many risk methodologies available...
Siemens Fixes 80 OpenSSL and OpenSSH Switch Flaws in ICS Patch Tuesday
With their December 2022 Patch Tuesday updates, industrial behemoths Siemens and Schneider Electric have fixed more than 140 vulnerabilities. Significantly more advisories and vulnerabilities were patched by Siemens. The business specifically published 20 new advisories that addressed about 140 security holes. Although Microsoft stated on Tuesday that it is taking...
Ballistic Ventures Appoints David Hahn as Inaugural CISO-in-Residence
Ballistic Ventures, the venture capital firm dedicated exclusively to funding and incubating entrepreneurs and innovations in cybersecurity, today announced the launch of its Chief Information Security Officer (CISO)-in-Residence program. The VC firm named seasoned CISO David Hahn as its inaugural CISO-in-Residence. “CISOs today are under increasing pressure to prevent, respond...
Lacework appoints Niels Provos as Head of Security Efficacy
Lacework®, the data-driven cloud security company, today announced the appointment of Niels Provos as the company’s first Head of Security Efficacy. Provos brings nearly two decades of industry experience in creating healthy engineering teams that build security infrastructure and systems that solve cloud security problems at scale. He puts a particular emphasis on treating security as an engineering problem.
Google Launches Vulnerability Scanner for Open Source Developers
This week, Google unveiled OSV-Scanner, a free scanner that open-source programmers can use to get information on vulnerabilities that are pertinent to their projects. Software projects are more susceptible to supply chain attacks and the exploitation of undiscovered vulnerabilities due to their numerous dependencies. Google last year launched an open source vulnerability database and is now offering a front-end for that database in the form of the OSV-Scanner in an effort to increase the ecosystem’s security by assisting the community in classifying vulnerabilities in open source software.
