Security vulnerability - Articles - Page 5

Azure customers warned of critical Cosmos DB vulnerability

August 30, 2021

A critical security vulnerability in Microsoft’s Azure cloud database platform – Cosmos DB – could have allowed complete remote takeover of accounts, with admin rights to read, write and delete any information to a database instance.

ProxyShell flaws being actively exploited

August 24, 2021

According to the Cybersecurity and Infrastructure Security Agency (CISA), malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-3447, CVE-2021-3452, and CVE-2021-3120. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine.

Average time to fix severe vulnerabilities is 256 days

August 24, 2021

In this month's AppSec Stats Flash, the “Management of Companies and Enterprises” sector continued its run to become the most vulnerable sector.

Zero-day vulnerability affects Cisco small business routers

August 23, 2021

A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

Confronting your fear of ransomware

Guido Grillenmeier

August 20, 2021

With the proliferation of ransomware attacks, every business feels the pressure—and often a sense of futility—in defending against cybercriminals. But companies can regain control by focusing on one of the most common attack vectors: Active Directory.

Effective cyber risk mitigation requires a holistic mindset-shift

Tim Grieveson

August 16, 2021

Companies need to create a digital ecosystem where cybersecurity is an expectation, not an ‘add-on,’ writes Tim Grieveson, Chief Information Security Officer at AVEVA.

US, UK and Australia issue joint cybersecurity advisory on top targeted vulnerabilities

July 29, 2021

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S, Federal Bureau of Investigation (FBI), have co-authored a new advisory which provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.

76% of companies impacted by it vulnerabilities in the last year

July 29, 2021

In a survey of enterprise IT security executives conducted by Vulcan Cyber, 76% of respondents indicated that a security vulnerability had impacted their business in the last year.

Palo Alto Cortex Xpanse Researchers identify missing metric for a modern SOC

May 24, 2021

Palo Alto Cortex Xpanse research team spent the first three months of 2021 monitoring the activities of attackers to better understand how much of an edge adversaries have in detecting systems that are vulnerable to attack. They followed a benchmark that they call “mean time to inventory” (MTTI), which is simply how long it takes somebody to start scanning for a vulnerability after it’s announced. Xpanse research found 79% of observed exposures occurred in the cloud.

FIRST 33rd Annual Conference to be streamed live June 7-9, 2021

Under the theme – ‘Crossing Uncertain Times’, the conference will feature prominent global speakers from the Incident Response and Security Teams community

May 17, 2021

The Forum of Incident Response and Security Teams (FIRST) will hold its 33rd annual conference next month, June 7-9, 2021. Held online, the 33rd FIRST Conference: ‘Crossing Uncertain Times,’ is set to stream live from June 7, UTC at 1200hrs. The three-day event will feature keynote presentations highlighting recent global security incidents, pertinent industry panel discussions, and a range of presentations by global experts from across the incident response and security industry.