vulnerability
Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)
An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including …
Tor2Mine cryptominer has evolved: Just patching and cleaning the system won’t help
Sophos released new findings on the Tor2Mine cryptominer, that show how the miner evades detection, spreads automatically through a target network and is increasingly harder …
The importance of vulnerability management for your organization
Everyone is familiar with home burglaries. Criminals case a house looking for easy access through open windows, unlocked doors, open garages, and the like. Hackers take the …
API security awareness: The first step to better assessing the risk
In this Help Net Security interview, Tal Steinherz, CTO at Wib, talks about the importance of API security awareness and how to tackle numerous threats that are plaguing it. …
Despite the popularity of password managers, many still use pen and paper
Password managers are a near-defacto standard for organizations, with 86% reporting they are being put to use, according to a Bitwarden survey of over 400 U.S. IT decision …
Control failures are behind a growing number of cybersecurity incidents
Data from a survey of 1,200 enterprise security leaders reveals that an increase in tools and manual reporting combined with control failures are contributing to the success …
150+ HP multifunction printers open to attack (CVE-2021-39237, CVE-2021-39238)
Over 150 HP multifunction printers (MFPs) are open to attack via two exposed physical access port vulnerabilities (CVE-2021-39237) and two different font parsing …
How to combat ransomware with visibility
In the first half of 2021, average ransomware demands surged by 518%, while payments climbed by 82%. There has been a growing number of attacks in healthcare, with 560 …
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its …
Ethical hackers and the economics of security research
Bugcrowd released a report which provides CIOs and CISOs valuable insight on ethical hackers and the economics of security research. New findings indicate a startling shift in …
Lack of API visibility undermines basic principle of security
One of the oldest principles of security is that you cannot secure what you cannot see. Visibility has always been the starting place for monitoring and protecting attack …
Reality check: Your security hygiene is worse than you think it is
Sevco Security published a report which explores the gap between perceptions and realities of security hygiene and asset management. Leveraging findings from ESG’s “Security …
Featured news
Resources
Don't miss
- The modern CISO is a cornerstone of organizational success
- Best practices for ensuring a secure browsing environment
- Kata Containers: Open-source container runtime, building lightweight VMs
- Why software is the key to FI risk management
- Hottest cybersecurity open-source tools of the month: December 2024