A record number of critical and high severity vulnerabilities were logged to the National Institute of Standards and Technology (NIST) and its National Vulnerability Database (NVD) in 2020. The NVD is a repository of Common Vulnerabilities and Exposures (CVEs) reported by security professionals, researchers and vendors. It is used by security teams around the world to stay up to date with security vulnerabilities as they are discovered. In January 2021, Redscan performed an analysis of the NVD to examine security and vulnerability trends. Their report focuses on vulnerabilities discovered in 2020, but also highlights wider CVE trends that have emerged since 1989.
As organizations look to strengthen their enterprise data security and privacy programs, they must consider the new risks that remote work has uncovered. More specifically, they must consider how legacy business applications and ERP systems may be exposing organizations to new levels of risk, because these applications were not designed for user access from unmanaged networks and devices.
Healthcare Delivery Organizations (HDOs) are arguably the most pressured organizations in 2020, needing not only to treat the many patients infected by coronavirus, but also to defend themselves against a growing number of cyberattacks targeted at their industry. Here are five cybersecurity challenges researchers found facing Healthcare Delivery Organizations today:
In response to recent events where unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released joint Cybersecurity Advisory AA21-042A: Compromise of U.S. Water Treatment Facility. This advisory outlines how cybercriminals exploit desktop sharing software and end-of-life operating systems to gain unauthorized access to systems.
After auditing the security of helpdesk software solution Deskpro in accordance with the company's Responsible Disclosure Bug Bounty Program, the Checkmarx Security Research Team discovered a severe cross-site scripting (XSS) issue that can be exploited in multiple ways.
New research from Tessian finds that almost one-third of people have fallen victim to a cyber romance scam, posing a new warning: don’t get cat-phished this Valentine’s Day.
In today’s world, business process automation solutions are considered the fastest-growing segment of the global enterprise software market. However, business owners and frequent users alike often express doubts about whether automation tools can operate at the level required by enterprise data security, especially with many employees working from home due to the pandemic.
Security ratings or cybersecurity ratings are a data-driven, objective, and dynamic measurement of an organization's security posture and cybersecurity performance. To learn more about the benefits of security ratings, we speak to Christos Kalantzis, Chief Technology Officer at SecurityScorecard.
INKY processed 656,954,951 emails in 2020. In round numbers, that’s two-thirds of a billion. From this data, they ranked the top 25 most-phished brands during 2020.
Lookout, Inc. announced the discovery of two novel pieces of Android surveillanceware, Hornbill and SunBird. The Lookout Threat Intelligence team believes these campaigns are connected to the Confucius APT, a well-known pro-India state-sponsored advanced persistent threat group. Hornbill and SunBird have sophisticated capabilities to exfiltrate SMS message content, encrypted messaging app content, geolocation, contact information, call logs, as well as file and directory listings. The surveillanceware targets personnel linked to Pakistan’s military and nuclear authorities and Indian election officials in Kashmir.