One of the problems with open source vulnerability databases is that each uses its own format to describe vulnerabilities and this makes tracking and sharing of vulnerabilities between databases difficult.

To address this and boost security, the Google Open Source Security team, Go team, and the broader open-source community have been developing a simple vulnerability interchange schema for describing vulnerabilities.

Continue reading →

Security researchers from Eclypsium have discovered a total of four vulnerabilities in Dell's SupportAssist software. As the software is pre-installed on the majority of Dell machines running Windows, millions of systems are at risk of remote attack.

Eclypsium says that a total of 129 Dell models are affected by the security issues. The chain of vulnerabilities that leaves systems open to attack has a cumulative CVSS score of 8.3 (High) and there is a warning that they "pose significant risks to the integrity of Dell devices".

Continue reading →

In the last 18 months 98 percent of companies in a new survey have experienced at least one cloud data breach -- up from 79 percent last year.

The research, conducted by IDC for cloud infrastructure company Ermetic, reveals that of the 200 CISOs and security decision makers surveyed 67 percent report three or more breaches, and 63 percent say they had sensitive data exposed.

Continue reading →

The IT budgets of small and medium businesses will prioritize three things in the coming year: remote management (58.4 percent), security (55.9 percent), and cloud services (50.1 percent), according to a new report.

The latest State of the SME IT Admin Report from JumpCloud also reveals that 74 percent of the 400+ IT decision makers surveyed say remote work makes it harder for employees to follow good security practices.

Continue reading →

Many CISOs I speak with across Europe tell me their cybersecurity teams rely on two, primary open-source platforms within their security operations (SecOps). The first is Malware Information Sharing Platform (MISP), that allows the storing and sharing of indicators of compromise (IoCs) with other MISP users. The second is TheHive, designed for security incident response (IR). The two solutions are tightly integrated so that SOCs, CERTs and any security practitioner can act more quickly when incidents happen. 

For organizations with limited resources or just beginning to build a SecOps practice, MISP and TheHive are easy-to-use tools to help your teams react to malicious threats. The next step to proactively mitigate risk from the full breadth of threats your organization is facing, is to leverage MISP and TheHive to create a cyber threat intelligence (CTI) practice. To do this, you need to consider a third platform that integrates with these two solutions and provides five essential capabilities for a CTI practice so your teams can get ahead of threats.

Continue reading →

A new email security report from GreatHorn reveals that 30 percent of links received by email lead to malicious sites.

Spoofed email accounts or websites are the most experienced form of a business email compromise (BEC) attack as 71 percent of organizations acknowledge they have seen one over the past year. This is followed by spear phishing (69 percent) and malware (24 percent).

Continue reading →

New research from Deep Instinct finds that 78 percent of SecOps professionals are concerned that cyber adversaries will develop and deploy AI to cause a global cyber incident in the next 12 months.

The study of 600 IT and cybersecurity professionals finds more than half of respondents believe ransomware or zero-day attacks are the biggest threats to their organization.

Continue reading →

Many organizations are now relying on voice assistant systems to handle enquiries, but just as with other forms of information it's important to protect the consumer and the proprietary data that flows through voice.

The Linux Foundation is launching an Open Voice Network, an open source association dedicated to advancing open standards that support the adoption of AI-enabled voice assistance systems.

Continue reading →

New research from SOC specialist LogRhythm finds that just seven percent of security leaders are reporting to the CEO, and only 37 percent say they or someone in their security function reports to the board of directors.

In addition 53 percent of security leaders claim their senior leadership doesn't understand their role, and 51 percent believe they lack executive support.

Continue reading →

New research reveals a continued rise in cyberattacks targeting container infrastructure and supply chains, and shows that it can take less than an hour to exploit vulnerable container infrastructure.

The latest threat report from cloud-native security company Aqua Security offers a detailed analysis of how bad actors are getting better at hiding their increasingly sophisticated attacks.

Continue reading →

For IT and security professionals, the job of keeping the enterprise secure is becoming an ever more complex proposition. In addition to the fact that distributed working looks set to become a permanent feature, keeping up with a raft of emerging new technologies while dealing with the rising tide of cyber threats means there is a growing number of tasks to keep on top of.

With time and resources in short supply, gaining full visibility of data from across the entire security stack will be key to achieving better and more comprehensive threat detection. But maintaining robust policies and controls also depends on adopting technology that is able to adapt quickly and self-learn from user behaviors.

Continue reading →

Traditional banks are realizing that they must develop more user-friendly open banking apps if they're not to lose customers to fintech startups.

But it's critical that these apps gain the trust of consumers if open banking is to succeed. We spoke to Jasen Meece, CEO of Cloudentity to discuss how financial services companies can ensure their open banking apps and partners adhere to compliance standards and protect consumer’s personal data.

Continue reading →

In 2020 we saw a huge shift to remote working, with VPN often the technology of choice for keeping connections secure.

But a new Network Security Report from SpiderLabs at Trustwave reveals that this trend didn't go unnoticed by cybercriminals, with malicious actors targeting unpatched VPN vulnerabilities more frequently.

Continue reading →

We’ve seen the now infamous Guy Fawkes masks around for a long time. More so a few years ago, than in current times. The main group they belong to, 'Anonymous', has a reputation as hackers but members aren’t the people shutting down gas lines or airlines -- they prefer to think of themselves as ethical. Hacktivists if you will. You may disagree, authorities certainly do, and many members have been arrested. 

A decade ago member Christopher Doyon was nabbed in San Francisco. He allegedly jumped bail and headed south of the border, where he has remained ever since. Producer Gary Lang traveled there and featured him in the Canadian documentary 'The Face of Anonymous' in 2020. 

Continue reading →

A survey of over 600 IT decision makers across the US, UK and Australia finds that 76 percent believe end users are more at risk from attacks on mobile devices than they were a year ago.

The study from Menlo Security also shows 53 percent admit that it's not possible to be prepared for all the tactics and strategies used by attackers targeting mobile devices. And, more than a third (38 percent) claim that it's impossible to keep up with the pace of these attacks.

Continue reading →