The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S, Federal Bureau of Investigation (FBI), have co-authored a new advisory which provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.
In a survey of enterprise IT security executives conducted by Vulcan Cyber, 76% of respondents indicated that a security vulnerability had impacted their business in the last year.
SonarSource cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra - email collaboration software used by global enterprises - that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure.
Additional report findings include 64% of survey respondents have delayed an application rollout over API security concerns and 94% have experienced an API security incident
July 28, 2021
Salt Security released the Salt Labs State of API Security Report, Q3 2021, revealing significant challenges in addressing API security, with all customers experiencing API attacks, security topping the list of API program concerns, and very few respondents feeling confident they can identify and stop API attacks.
To celebrate the anniversary of its Vulnerability Reward Program and ensure the next 10 years are just as successful and collaborative, Google announced the launch of its new platform, bughunters.google.com. The new site brings all VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues.
Apple has released security updates to address zero-day vulnerability exploited in the wild, impacting iPhones, iPads, and Macs. The vulnerability, tracked as CVE-2021-30807, is a memory corruption issue in the IOMobileFramebuffer kernel extension reported by an anonymous researcher, BleepingComputer reports.
Organizations are also navigating an increasingly complex regulatory landscape where failure to comply can and has led to costly fines, a damaged corporate reputation, and lost business opportunities. Data has truly proven to be an invaluable asset, but also an unbounded risk if not properly managed.