Security vulnerabilities stories
Sysdig reveals 87% of Container Images have vulnerabilities
The report looks at real-world data to understand how global companies and industries use and secure cloud and container environments.
Will 2023 be a pivot year for cybersecurity?
In the past, mega vulnerabilities happened once a quarter, but this past year we've been dealing with critical vulnerabilities almost weekly in some cases.
Service meshes are an emerging way for application teams to implement Zero Trust
The challenge for organisations is that even with a secure perimeter, internal systems and data can be compromised if a malicious actor gets in or another internal system has a vulnerability.
China-based threat group targeting public cloud - Radware
Radware has issued a threat advisory about a for-profit threat group from China known as the 8220 Gang, who has emerged in the New Year targeting public cloud environments.
Trustwave provides new feature for threat hunting platform
Trustwave has relaunched its Advanced Continual Threat Hunting platform with a unique feature allowing its SpiderLabs threat hunting teams to carry out many more human-led threat hunts.
Claroty’s Team82 finds vulnerabilities in historian server
Claroty's research team, Team82, has examined the GE Proficy Historian, finding five exploitable vulnerabilities capable of causing damage to the system.
Data breach in 2023 to exceed US$5 million/incident: Acronis
Between July and October, Acronis found that the proportion of phishing attacks has risen by 1.3, accounting for 76% of all attacks.
GreyNoise Intelligence identifies exploitation threats for 2023
“When it comes to cybersecurity, not all vulnerabilities are created equal, and many of the ones that garner media attention actually turn out to be insignificant."
Iran-sponsored group using GitHub to deploy custom malware
The Secureworks Counter Threat Unit (CTU) has uncovered a subgroup of Iranian Cobalt Mirage using GitHub to store and deploy malware.
China-based threat group targeting SE Asia, says Mandiant
Identified as UNC4191, this cyber espionage threat leverages USB devices as an initial infection vector, concentrates on the Philippines, and has a China nexus.
ASX 200 companies on-par with FTSE 350, Fortune 500 - report
A new report by Rapid7 has found that companies listed on the ASX 200 have a good security posture, and the attack surface overall is on-par with global counterparts in the FTSE 350 and Fortune 500.
Rapid7 unveils new capabilities to simplify CDR at AWS event
Rapid7 is showcasing a range of new capabilities at Amazon Web Services (AWS) re:Invent 2022, designed to make cloud detection and response (CDR) and vulnerability assessments easier.
Varonis Systems launches new program through HackerOne
Data security and analytics pioneer Varonis Systems has launched its public vulnerability disclosure program through HackerOne.
Forescout’s Vedere Labs details OT vulnerabilities in latest study
Forescout’s Vedere Labs disclosed an update to its OT:ICEFALL study distributed in June 2022, which detailed vulnerabilities found in thousands of OT devices.
Gallagher named Security Software Manufacturer of the Year
Global security manufacturer Gallagher has been awarded the Security Software Manufacturer of the Year accolade at the 2022 Security & Fire Excellence Awards.
Application Portfolio Management: A quick win today or a crisis tomorrow
It’s highly likely that Application Portfolio Management (APM) isn’t at the top of your to-do list. It may not even be on your list anymore.
HackerOne launches Gold Standard Safe Harbour statement
The GSSH is a short, broad, easily-understood safe harbour statement that’s simple for customers to adopt, HackerOne states.
Genetec warns against cyber crime risk from older systems
With the ever-increasing rise in cyber crime, Genetec is cautioning organisations of all sizes to be vigilant about the cybersecurity risk.
Varonis Labs discovers SQLi and access flaws in Zendesk
Varonis helped solve an SQLi vulnerability and an access control flaw in Zendesk Explore that would have allowed a threat actor to leak data.
Aqua Security unveils new Lightning Enforcer offering
Aqua Security has announced Lightning Enforcer, a new offering designed to stop zero-day attacks and protect critical vulnerabilities in production from being exposed until a patch can be applied.
Building on the ‘Essential Eight’ with a people-centric approach to cybersecurity
Organisations often combat threats by placing too much emphasis on technology alone and too little emphasis on people and their behaviour.
Text4Shell++ - Where there’s smoke, there’s fire
While being the generally nefarious and curious people that we are - we noticed some further interesting interpolation operators, which could potentially be abused by an attacker and had not been patched out.
Claroty's Team82 uncovers new ABB TotalFlow vulnerability
ABB TotalFlow is used within many large oil and gas utilities worldwide to calculate volume and flow rates for oil and gas, which are critical to electric power manufacturing and distribution.
Flashpoint releases a new ransomware prediction model
It links individual vulnerabilities in ransomware operations, helping vulnerability management teams prevent potential cyber extortion events with VulnDB.