Vulcan Cyber released the results of its latest vulnerability remediation maturity research project. A survey of more than 100 enterprise security executives across North America and EMEA found that most enterprise cybersecurity and vulnerability management organizations lack the ability to drive remediation initiatives, to reduce risk and achieve acceptable levels of cyber hygiene.
COVID made “flatten the curve” a household phrase in 2020, but did you know the concept also applies to vulnerability exploits? It turns out that what’s past is prologue in exploit trends. By tracking which attacks are being exploited the most, organizations discover important information to help proactively determine their vulnerability and risk. But it is also important to track attacks where activity has increased the most within a specified timeframe. It only takes one critical exploit to cause significant damage and, once inside the network, the attacker will need to move laterally and probably deploy additional exploits. That’s why understanding which exploits have the greatest likelihood of arriving on the network’s doorstep helps organizations prioritize patch management and risk assessment. This remains top of mind as cyber adversaries continue to maximize vulnerabilities, as we have recently seen with DearCry ransomware, for example.
In a new study that surveyed enterprises with 3,000 or more employees, 60% of respondents are concerned pentesting gives them limited coverage or leaves them with too many blind spots.
Pennsylvania Governor Tom Wolf announced the availability of $5 million in funding for security enhancement projects for nonprofit organizations serving diverse communities throughout the commonwealth. Grant awards can range from $5,000 to $150,000 for a wide variety of eligible items, including: Safety and security planning and training; Purchase of safety and security equipment and technology; Upgrades to existing structures that enhance safety and security; and Vulnerability and threat assessments.
Pennsylvania Governor Tom Wolf announced the availability of $5 million in funding for security enhancement projects for nonprofit organizations serving diverse communities throughout the commonwealth. Grant awards can range from $5,000 to $150,000 for a wide variety of eligible items, including: Safety and security planning and training; Purchase of safety and security equipment and technology; Upgrades to existing structures that enhance safety and security; and Vulnerability and threat assessments.
The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.
A security researcher published a blog outlining the details of common misconfigurations in Salesforce that can result in guest users, or hackers leveraging guest user access, gaining access to sensitive data in Salesforce.
Microsoft recently warned that more cybercriminals have started to incorporate exploit code for the ZeroLogon vulnerability in their attacks.
Threat actor TA505, a financially motivated threat group that has been active since at least 2014, is now exploiting this vulnerability.
The Cybersecurity and Information Security Agency (CISA) has released an infographic mapping analysis of 44 of its Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2019 to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
The Cybersecurity and Infrastructure Security Agency (CISA) released the Guide to Vulnerability Reporting for America’s Election Administrators. The guide walks election officials through the steps of establishing a vulnerability disclosure program.
When we do a risk assessment, we evaluate the facility’s needs and identify any gaps in their physical security barriers and policies and procedures. Why should you integrate security early in the design process?
