News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Tag: weak points

CISA: PAN-OS vulnerability warning
August 30, 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The US Agency for Cyber ​​Security and Infrastructure Security (CISA) has included a newly found vulnerability with high severity in the operating system PAN-OS in the catalog of exploitable vulnerabilities. PAN-OS controls Palo Alto Networks firewalls. The Palo Alto Networks vulnerability recently found in PAN-OS has been filed with CISA as security problem CVE-2022-0028. The identified risk has a high severity rating of 8,6 out of 10 as it allows a remote threat actor to deploy enhanced Denial of Service (DoS) attacks without requiring authentication. Patches released for PAN-OS versions Several versions of PAN-OS are vulnerable to CVE-2022-0028….

Read more

VMware Warning: Patch Critical Vulnerabilities 
August 9, 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

VMware releases some updates for several severe vulnerabilities in various products. With some products, it is even possible for attackers to gain administrative access to the products without a password. VMware users should act quickly, patch and close the gaps. According to VMware, the following products are affected by the gaps and patches are available: Workspace ONE Access, Workspace, ONE Access Connector, Identity Manager, Identity Manager Connector, vRealize Automation, Cloud Foundation and vRealize Suite Lifecycle Manager. The VMware advisory VMSA-2022-0021 lists the individual gaps and the recommended measures for them. VMware VMSA-2022-0021…

Read more

Vulnerability Report 2021: Many critical vulnerabilities
August 6, 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The experts at Citadelo have presented the new Vulnerability Report 2021. The penetration tests carried out worldwide served as the data basis. 50 percent of the projects examined had at least one critical weakness. Citadelo, one of the fastest growing cybersecurity companies in Europe based in Zug, Switzerland, has presented its 2021 vulnerability report - and is sounding the alarm. “On average, 50% of the projects had at least one critical vulnerability, and medium to high vulnerabilities were found in almost all projects tested,” said Mateo Meier, Board Member of Citadelo. Critical Vulnerabilities with Disastrous Consequences While less severe vulnerabilities…

Read more

Study: vulnerable IoT in medicine, production and KRITIS
July 29, 2022
| No comments
| PR News
Study: vulnerable IoT in medicine, production and KRITIS

IoT Security Report 2022 uncovers significant gaps in cyber security. A study reveals many vulnerable IoT systems in the areas of medicine, production and KRITIS. Business leaders should think about increasing liability. Cyber ​​security is still thought of in silos - that is the conclusion of a study by the specialist for IoT security ONEKEY. “In many cases, companies and entrepreneurs still think in classic silos when it comes to IT security. The immediately growing risk of many different firmware versions in IoT systems is often overlooked,” warns Jan Wendenburg, Managing Director of ONEKEY. Highest IoT threat in medicine To the areas…

Read more

F-Secure and WithSecure scan engines at medium risk
July 26, 2022
| No comments
| F-Secure, Short news
B2B Cyber ​​Security ShortNews

A slight but not entirely harmless vulnerability in several F-Secure products and the business version WithSecure allows attackers to crash the programs. F-Secure actually distributes the patches automatically. According to the portal heise.de, the products from F-Secure and the new business brand WithSecure have a vulnerability. Attackers could crash the scan engine in F-Secure products, preventing detection. WithSecure's product, the effects of an attack sound worse, since it should be possible to delete local data and bypass the protective measures. But one…

Read more

LockBit ransomware group launches bug bounty program
July 9, 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Like a normal company, the LockBit ransomware group has started a bug bounty program in which other programmers are supposed to report bugs that reveal their IP and more. The reward pot is said to be worth over $XNUMX million. Normal software companies use the classic bug bounty programs to improve their software. The fact that a ransomware group is officially doing this, according to ComputerWeekly.com, is really new. However, the LockBit Group does not only expect or reward hints of errors in their ransomware. Worthwhile targets should also be reported, for example if a company's website is vulnerable to cross-scripting....

Read more

CVE hotspots at a glance
June 30, 2022
| No comments
| PR News
CVE hotspots at a glance

Spotlights at a glance: WatchGuard launches new CVE overview page. Single point of contact for WatchGuard users, MSPs and channel partners lists important information about potential security vulnerabilities. With the new CVE overview page, WatchGuard's Product Security Incident Response Team (PSIRT) has created a platform that is specifically aimed at all users, MSPs and channel partners of WatchGuard products. This lists currently known vulnerabilities and vulnerabilities (Common Vulnerabilities and Exposures, CVE) in detail and offers further information on how to deal with these anomalies - across the entire WatchGuard portfolio. In addition,…

Read more

Study: Too many app vulnerabilities go live
June 29, 2022
| No comments
| Stories
Study: Too many app vulnerabilities go live

According to a survey of 1.300 CISOs, 75 percent say: Too many app vulnerabilities get into operations. For 79 percent of CISOs, continuous runtime vulnerability management is critical to keep up with the growing complexity of modern multi-cloud environments. Dynatrace, the Software Intelligence Company (NYSE: DT), has released a global study of 1.300 chief information security officers (CISOs) at large organizations. A key finding: The speed and complexity introduced by the use of multi-cloud environments, multiple programming languages ​​and open-source software libraries make vulnerability management difficult. 75 percent of CISOs state that despite multi-layered security measures, gaps...

Read more

Vulnerabilities in the Siemens network management system
June 24, 2022
| No comments
| Stories
Vulnerabilities in Siemens' network management system

Team82 discovers 15 vulnerabilities in Siemens' network management system (SINEC NMS). Vulnerabilities allow denial of service attacks, credential harvesting, and remote code execution. The security researchers from Team82, the research department of the specialist for the security of cyber-physical systems (CPS) in industry, healthcare facilities and companies Claroty, have discovered a total of 15 vulnerabilities in the Siemens network management system (SINEC NMS). For example, CVE-2021-33723 allows attackers to escalate their privileges and CVE-2021-33722 allows remote code execution using a path traversal attack. All versions prior to V1.0 SP2 Update 1 are affected. Siemens advises users to upgrade to V1.0 SP2 Update 1 or a…

Read more

Attack Surface Threat Report shows unmanaged attack surfaces
June 20, 2022
| No comments
| Stories
Attack Surface Threat Report shows unmanaged attack surfaces

Palo Alto Networks' security research team evaluated more than 100 companies across multiple industries to map their unmanaged attack surfaces. The results have been compiled in the current Attack Surface Threat Report. Seasoned security professionals know that while zero-days make the headlines, the real problems arise from the dozens of small decisions that are made every day in an organization. Even a single accidental misconfiguration can create a weak point in the defense. Targeting Oversights and Misconfigurations Opportunistic attackers are increasingly targeting these oversights and misconfigurations as it…

Read more

© 2024 MedPressIT GbR
Cookie Settings