Winning at Vulnerability Management: 8 Best Practices

To pre-empt cybersecurity threats, today’s enterprises must have policies, processes and tools in place to not only defend against attacks but also strengthen their security posture by reducing organizational risk. Vulnerability management (VM) progra…

Increased attacks and the power of a fully staffed cybersecurity team

The cybersecurity landscape is constantly evolving, and even more so during this time of disruption. According to ISACA’s survey, most respondents believe that their enterprise will be hit by a cyberattack soon – with 53 percent believing it is l…

Cyber Security Roundup for June 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, May 2020.
EasyJet’s disclosure of a “highly sophisticated cyber-attack”, which occurred in January 2020, …

What is Vulnerability Management?

IT infrastructure is more complex and interconnected than ever. For attackers, this provides a gold mine for easy attack vectors….
The post What is Vulnerability Management? appeared first on Siemplify.

Money is still the main motivating factor for hackers, Verizon report finds

It’s a fact that seems obvious at first, but jarring when put into context: cybercrime is a lucrative business that continues to grow at a remarkable rate, according to the authors of a sweeping overview of major security incidents over the past year. Eighty-six percent of the data breaches in 2019 were motivated by money, according to Verizon’s annual Data Breach Investigation Report, which was released Tuesday. While the techniques have shifted, the figure is a significant uptick from the 71% of breaches that were financially motivated in 2018. “Attackers are going to look anywhere they can to generate revenue,” said Gabriel Bassett, senior information security data scientist at Verizon, adding that scammers are going about this tactic by re-using stolen usernames and passwords, and experimenting with email scams. Verizon’s DBIR has emerged as a reliable benchmark in assessing corporate cybersecurity threats and defenses. This year’s iteration analyzed roughly 157,000 […]

The post Money is still the main motivating factor for hackers, Verizon report finds appeared first on CyberScoop.


Microsoft’s May ‘Patch Tuesday’ remedies 111 vulnerabilities

Microsoft has released a set of software upgrades meant to address more than 100 vulnerabilities in the company’s products, the latest in a series of scheduled updates that comes as many corporate security executives are working remotely. The announcement comes as part of Microsoft’s “Patch Tuesday” release, the batch of security updates that the company publishes each month to mitigate known vulnerabilities. The May 2020 list includes 111 vulnerabilities, including 13 “critical” issues, 91 classified as “important,” three “moderate” bugs and four “low” priority. Hackers don’t appear to be exploiting any of the vulnerabilities, according to the advisory. The updates pertain to vulnerabilities in Microsoft Edge, the Windows Defender security software, Microsoft Office, Internet Explorer, and a number of other products. Among the most urgent patches are those meant to repair flaws in Microsoft SharePoint that could enable hackers to execute arbitrary code on a victim’s machine. One of the SharePoint vulnerabilities […]

The post Microsoft’s May ‘Patch Tuesday’ remedies 111 vulnerabilities appeared first on CyberScoop.


Sensitive data is piling up on enterprise devices, Windows 10 machines behind on patching

Directly after the WHO declared COVID-19 a global pandemic, an estimated 16 million US employees were sent home and instructed to work remotely, while governments around the world implemented widespread school closures impacting over 90 percent of the …

Hackers seize on software flaw to breach two victims, despite patch availability

Days after researchers warned of critical vulnerabilities in popular data-management software, hackers have exploited the flaws to breach two organizations which rely on the technology. LineageOS, a free Android-based operating system, and Ghost, a nonprofit behind widely used blogging software, reported Sunday that unidentified hackers had breached their infrastructure in separate incidents. The disruptions are an example of how bugs found in widely used code often end up being exploited maliciously — even when software updates are available. Both LineageOS and Ghost rely on a tool for managing data centers and cloud-computing networks known as the Salt management framework. Cybersecurity company F-Secure reported two vulnerabilities in Salt last week which could enable attackers to execute code remotely and manipulate data. “Both of these vulnerabilities are exploitable by a remote, unauthenticated attacker,” said Rody Quinlan, a researcher at another security vendor, Tenable. Ghost said it was rebuilding its network. Customer data […]

The post Hackers seize on software flaw to breach two victims, despite patch availability appeared first on CyberScoop.


Cyber Security Roundup for May 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2020.
As well reported, UK foreign exchange firm Travelex business operations were brought to a sta…