Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right. When it comes to addressing their backlog of unfixed security issues, many software development organizations are facing an uphill battle. One reason is the proliferation of automated security tools. Adopting automated solutions helps developers and security shift testing left and eliminate time-consuming manual processes, and...
Read More
Despite a recent decline in attacks, ransomware still poses significant threats to enterprises, as the attacks against healthcare organizations demonstrated this month. It is also becoming more capable. In particular, ransomware writers are aware that backups are an effective defense and are modifying their malware to track down and eliminate the backups. Ransomware targeting backups Ransomware will now delete any backups it happens to come across along...
Read More
One of the smartest moves you can make to protect employees, especially those working from home, is to encourage them to use a password manager. It’s one of the easiest, too. Keyword best practices pertain to complexity, change frequency and uniqueness. Each best practice is intended to mitigate known attack methods and harden your online identities to both prevent compromise and limit the damage if account...
Read More
Virtual appliances are a popular way for software vendors to distribute their products to enterprise customers as they contain all the necessary pre-configured software stacks their applications need to function and can be deployed in public clouds or private data centers with ease. Unfortunately, enterprises are at risk of deploying images that are vulnerable out-of-the-box according to a new study. It found that many vendors,...
Read More
As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. Now according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server. "This enables an attacker to quietly take over the App Service's git server,...
Read More
If you're administrating Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed 'Zerologon' (CVE-2020-1472) and discovered by Tom Tervoort of Secura, the privilege escalation vulnerability exists due to the insecure usage of AES-CFB8 encryption for Netlogon sessions, allowing remote attackers...
Read More