vulnerability
VMware patches critical vRealize Operations flaws that could lead to RCE
Two vulnerabilities (CVE-2021-21975, CVE-2021-21983) recently patched by VMware in its vRealize Operations platform can be chained together to achieve unauthenticated remote …
The growing threat to CI/CD pipelines
Before the pandemic, most modern organizations had recognized the need to innovate to support developers’ evolving workflows. Today, rapid digitalization has placed a …
Nearly 40% of new ransomware families use both data encryption and data theft in attacks
Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are among the critical threats to organizations, according to F-Secure. One of the …
Using memory encryption in web applications to help reduce the risk of Spectre attacks
There’s nothing quite like an actual proof-of-concept to make everyone listen. I was pleased by the PoC released by Google security engineers Stephen Röttger and Artur Janc …
5G network slicing vulnerability leaves enterprises exposed to cyberattacks
AdaptiveMobile Security today publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualized network functions. The fundamental …
Hidden areas of security and the future of hybrid working
The pandemic has changed how many companies operate in a short period of time. Over the last year we’ve witnessed most organizations with office-based workforces having to …
Total combined fraud losses climbed to $56 billion in 2020
While total combined fraud losses climbed to $56 billion in 2020, identity fraud scams accounted for $43 billion of that cost. Traditional identity fraud losses totaled $13 …
80% of security leaders would like more control over their API security
There are major gaps in API security based on insights from over 100 senior security leaders at large enterprises in the United States and Europe, an Imvision report reveals. …
How to stay ahead of the rise of synthetic fraud
While banks have been successful in reducing card fraud in recent years, a new and rising threat has emerged: synthetic identity fraud. By combining real and falsified …
The financial impact of cybersecurity vulnerabilities on credit unions
Cybersecurity vulnerabilities among credit unions and their vendors create the potential for large financial impacts to the credit union industry, according to a Black Kite …
Automatically mitigate ProxyLogon, detect IoCs associated with SolarWinds attackers’ activities
Microsoft has updated its Defender Antivirus to mitigate the ProxyLogon flaw on vulnerable Exchange Servers automatically, while the Cybersecurity and Infrastructure Security …
March 2021 Patch Tuesday: Microsoft fixes yet another actively exploited IE zero-day
As system administrators and security teams around the world are working on ascertaining whether they’ve been breached and compromised via vulnerable Microsoft Exchange …