News

Latest news on the subject of B2B cyber security >>> PR agencies: Add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Reducing risks of cyber-physical systems
Reducing risks of cyber-physical systems

Classic vulnerability management solutions do not detect all risks of cyber-physical systems (CPS). Claroty's new Exposure Management is specifically designed for CPS risks in industry and healthcare facilities. Claroty, a specialist in cyber-physical systems (CPS) security, is introducing its new comprehensive solution for reducing CPS risks. Recent research has shown that 38 percent of the riskiest cyber-physical systems are overlooked by traditional vulnerability management approaches. Claroty's new Exposure Management is able to not only assess risks using conventional methods such as the CVSS score, but also to identify the actual, immediate threats and...

Read more

Financial institutions: Cloud vulnerability causes high damage
Financial institutions: Cloud vulnerability causes high damage

Financial institutions use the cloud for most applications and store their sensitive data there. Conventional security tools take care of the security. This makes it easy for cybercriminals to penetrate the IT of financial institutions. According to a study by Illumio Inc., the leading provider of zero-trust segmentation, the cyber risk for financial institutions increases significantly due to the use of the cloud. The study, conducted by the independent research company Vanson Bourne, found that in almost half (47%) of all cyberattacks in which the attackers penetrated the IT of financial institutions, the security vulnerability originally exploited was in the cloud. A single such data breach costs...

Read more

Fortigate devices: Chinese hackers had access to 20.000 systems 
B2B Cyber ​​Security ShortNews

A vulnerability in FortiGate devices was already exploited by Chinese hackers in 2022 and 2023. The Dutch Intelligence Service has now evaluated the incident: there was access to over 20.000 devices! Previous investigations by the Military Intelligence Service and the General Intelligence Service of the Netherlands found that Chinese hackers gained access to at least 20.000 devices worldwide by exploiting a vulnerability in FortiGate devices. During this zero-day period alone, 14.000 devices were compromised by the state actor. The targets included dozens of Western governments and diplomatic institutions as well as numerous companies active in the defense industry. Over 20.000 accesses by…

Read more

VMware vCenter Server: Patch critical vulnerability 
B2B Cyber ​​Security ShortNews

Broadcom offers patches for two vulnerabilities for VMware vCenter Server. One of them is critical with a CVSS value of 9.8, the second is highly dangerous with 7.8. Updates are available and should be installed immediately. It is important to act immediately when it comes to updates. According to Broadcom's Security Advisory, there are vulnerabilities in VMware vCenter Server relating to heap overflow and privilege escalation (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081). The CVSS values ​​are high at 7.8 to 9.8. The vulnerabilities are said not to have been exploited yet. These are other dangerous vulnerabilities that were found in VMware this year. VMware…

Read more

Nuclear and chemical plants: Biometric scanners with vulnerabilities
B2B Cyber ​​Security ShortNews

Experts have found 24 vulnerabilities in the hybrid biometric access terminals of the international manufacturer ZKTeco. The affected scanners are increasingly used in nuclear and chemical plants as well as hospitals. In addition to unauthorized access, the theft and sale of biometric data is also possible. The security gaps allow unauthorized persons to access protected areas, steal biometric data and place a backdoor. Kaspersky proactively shared the vulnerabilities with the manufacturer before they were published; it is currently unknown whether patches have been made available to fix the security gaps. The affected biometric scanners from ZKTeco are used in many…

Read more

Unrecognized risks in cyber-physical systems
B2B Cyber ​​Security ShortNews

38 percent of the riskiest cyber-physical systems (CPS) are missed by traditional vulnerability management approaches. This is the result of a new report from an XIoT security specialist. Solutions based solely on the Common Vulnerability Scoring System (CVSS) score draw attention to too many vulnerabilities that do not pose an immediate threat to the organization, while at the same time overlooking high-risk assets. This represents a blind spot that can be exploited by attackers. For the report, Claroty's research unit analyzed data from over 20 million CPS devices in the areas of operational technology (OT), connected medical devices (IoMT), IoT...

Read more

Android 12, 13 and 14: New vulnerabilities discovered 
B2B Cyber ​​Security ShortNews

The May 2024 Android security bulletin shows a long list of highly dangerous vulnerabilities in Google Android 12, 12L, 13 and 14. A critical security vulnerability affects Android 14. An update to the Google Play Store helps in some cases - otherwise only new security updates from the device manufacturer . The most serious May 2024 vulnerability affecting the Google Framework could lead to local escalation of privilege without requiring additional execution permissions. The high-risk vulnerabilities are listed under the following 4 CVEs: CVE-2024-0024, CVE-2024-0025, CVE-2024-23705, CVE-2024-23708. Also a critical system vulnerability The bulletin also lists for Android 14…

Read more

ArcaneDoor: Cisco espionage campaign discovered
B2B Cyber ​​Security ShortNews

Attackers target perimeter network devices, such as firewalls, to break into organizations. Cisco has identified the Line Runner and Line Dancer backdoors. These are 0-day vulnerabilities that admins should urgently patch. The backdoors belong to the identified ArcaneDoor campaign. Cisco has identified two vulnerabilities exploited in the ArcaneDoor campaign (CVE-2024-20353 CVSS 8.6 and CVE-2024-20359 CVSS 6.0). Patches for these vulnerabilities are already listed in published Cisco Security Advisories. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from various vendors. Perimeter network devices are…

Read more

Risk: High API growth without sufficient IT security 
Risk: High API growth without sufficient IT security

A study shows that nine out of ten decision makers know that APIs are a Trojan horse for cyberattacks - but most are not investing in advanced security applications. The current high API growth exacerbates the risks. A large majority of decision makers ignore the growing security risk of application programming interfaces (APIs) to their organizations. This is the conclusion of the latest survey of 235 IT and cybersecurity experts by Fastly, one of the world's fastest edge cloud platforms. APIs have long been recognized as one of the cornerstones of the digital economy. Latest figures show that the majority of the total…

Read more

How attackers slip through vulnerabilities in web applications
How attackers slip through vulnerabilities in web applications - Image by Mohamed Hassan on Pixabay

Access control vulnerabilities and data disclosure risks are the most common security flaws in corporate-developed web applications. This is shown by a current analysis in the period 2021 to 2023. This makes it too easy for attackers to break into companies. For its report, security specialist Kaspersky examined vulnerabilities in self-developed web applications from companies in the IT, government, insurance, telecommunications, cryptocurrencies, e-commerce and healthcare sectors. Self-developed web applications defective The majority (70 percent) of the vulnerabilities found concern the areas of data protection with regard to confidential information such as passwords, credit card details, health records, personal data and confidential…

Read more