News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Tag: weak points

Log4j - Log4Shell Alert - Just an Isolated Case?
14. February 2022
| No comments
| Stories
Log4j - Log4Shell Alert – Just an Isolated Case?

The answer to the question of whether Log4j / Log4Shell was unique is no. Certainly, the impact of the Log4Shell vulnerability was unusual. But RCE vulnerabilities are not uncommon. This was also shown by the attack in spring 2021 by the group known as "Hafnium" on Microsoft Exchange. Software modules, such as the currently affected library, which are used in many applications in parallel and thus offer a wide range of attack points, are also part of everyday IT life. Still – what is special about the Log4j / Log4Shell incident is that all these factors come together. Other weaknesses in everyday IT This at least happens rarely,…

Read more

Finding vulnerabilities: Free tool ENIP & CIP Stack Detector
6. February 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Team82, the research department of industrial cybersecurity specialist Claroty, is now making its self-developed EtherNet/IP stack detection tool ENIP & CIP Stack Detector available free of charge via its GitHub repository to anyone interested in detecting vulnerabilities. The tool can be used by cybersecurity researchers, OT engineers and industrial plant operators to identify and classify the ENIP stack code of their deployed commercial and homegrown products. This allows them to better assess their exposure to newly discovered vulnerabilities and then prioritize updates. Assess Vulnerabilities - Prioritize Updates Team82 has used the EtherNet/IP & CIP Stack Detector as the core of several ENIP related projects…

Read more

Study: Attacks on the software supply chain tripled
6. February 2022
| No comments
| PR News
Study: Attacks on the software supply chain tripled

Aqua Security, the leader in cloud-native security, announces the results of the latest Software Supply Chain Security Review study into software supply chain attacks. Over a period of six months, the experts were able to determine that the attacks in 2021 tripled compared to 2020. Cyber ​​criminals target vulnerabilities in the software supply chain to inject malware and backdoors. To do this, they mainly use security gaps in open source software, inject malicious code (“poisoning”) and exploit general problems with the integrity of software code. The Software Supply Chain Security Review study was conducted by Argon…

Read more

Over 3 million insecure Windows computers in German households
22 January 2022
| No comments
| ESET, Short news
Eset_News

The good news: private users invest in their software and hardware and protect themselves against cyber attacks. Nevertheless, over 3 million insecure Windows computers work in German households. In German households there are around 48 million computers running the Windows operating system. The corona pandemic has led to private users replacing their old devices and even buying more devices. The vast majority of computers have a recent version of Windows installed. Nevertheless, over three million devices are still being operated with an outdated variant. After all, that's around two million less insecure PCs than...

Read more

250. Industrial Cybersecurity - ICS vulnerability identified
25 December 2021
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Team82, Claroty's research department, identified the 250th ICS vulnerability and took stock: the majority of the vulnerabilities enable execution of unauthorized code and can be exploited remotely. Just over two years after its inception, Team82, the research division of industrial cybersecurity specialist Claroty, published its 250th critical vulnerability in industrial control systems (ICS). Critical weak points in industrial control systems The identified security gaps concern software, firmware and communication protocols of industrial plants as well as facilities of the critical infrastructure and thus have a direct impact on the population worldwide, for example in the area of ​​water supply. A good three quarters of the weak points are ...

Read more

Log4j alarm: this is what Trend Micro recommends
17 December 2021
| No comments
| Stories
Log4j Log4shell

As an immediate reaction to log4j, companies can follow detailed recommendations and apply existing patches and apply best practices. But in a second step you should take a general look at processes related to software supply chains. Ultimately, Log4Shell, however security-relevant the gap may be, is “only” a faulty component in the software supply chain, ”says Udo Schneider, IoT Security Evangelist Europe at Trend Micro. Log4Shell - Do you know your software supply chain? The critical threat posed by the Log4Shell vulnerability naturally requires an immediate response. But in the second step, companies generally have to ask themselves questions about ...

Read more

IoT security: the sore point in the hospital
11 December 2021
| No comments
| PR News
IoT security: the sore point in the hospital

The attackers are interested in IoT devices in hospitals. Independent of the industry, experts have been warning of corresponding IoT vulnerabilities for years. An analysis by Marc Laliberte, Technical Security Operations Manager at WatchGuard. Since January 2021, the German federal government has provided three billion euros for the digitization of hospitals as part of the Hospital Future Act. A further 1,3 billion come from the federal states. The goal: a comprehensive investment program for modern emergency capacities, digitization and, last but not least, measures to increase IT security. With the last point in particular, the urgency to act is obvious, because clinics are always ...

Read more

Watering hole attacks on the media, governments and defense companies
20 November 2021
| No comments
| ESET, PR News
Watering hole attacks on the media, governments and defense companies

The investigation focuses on spyware from the Israeli company Candiru. ESET exposes watering hole attacks on the media, governments and defense companies. The targets are the websites of the companies. The researchers at the European IT security manufacturer ESET have uncovered strategic attacks on the websites of the media, governments, Internet service providers and aviation and defense companies. According to current knowledge, the focus is on organizations in countries in the Middle East or with connections there. The affected countries are Iran, Saudi Arabia, Syria, Italy, Great Britain, South Africa and primarily Yemen. Targeting German websites Germany, too, was targeted by cyber spies: the attackers falsified ...

Read more

KRITIS: Badly protected industrial control systems
12 November 2021
| No comments
| Stories
KRITIS: Badly protected industrial control systems

Industrial control systems are often inadequately protected against cyber attacks, as security researchers from CloudSEK report. This also applies to companies in the critical infrastructure. A comment from 8com. Countless companies and institutions are under attack by cyber criminals every day - in many cases without them noticing. Attacks from the Internet have increased continuously in recent years and by now every IT manager should know that a stable line of defense against cyber criminals is a duty. Attacks on KRITIS have strong effects The effects a successful attack on companies in the critical infrastructure can have was ...

Read more

Weakness Report 2021: Only progress in cyber security 
29 October 2021
| No comments
| Stories
Weakness Report 2021: Only progress in cyber security

For years, HiSolutions has published findings on the cybersecurity situation in companies and authorities every year in the vulnerability report. The current report 2021 shows a positive development, which however allows a critical assessment. Cyber ​​security has become one of the top topics on the agenda of companies and authorities around the world in recent years. With the progressive implementation of digitization, the critical consideration of IT security is becoming increasingly important. Legal requirements, competitive pressure and above all economic interests force companies to deal intensively with the question of where their systems are vulnerable ...

Read more

© 2024 MedPressIT GbR
Cookie Settings