What Log4Shell still means for the enterprise [Q&A]


When the Log4Shell vulnerability first appeared at the end of last year it sent a shockwave through the cybersecurity community.
But just because it's no longer in the headlines doesn't mean it's gone away. There's still a lot that enterprises can learn from the vulnerability and the response to it. We spoke to Maninder Singh, corporate vice president and global head of cybersecurity and GRC services at HCL Technologies, to find out more.
70 percent of organizations use a vulnerability assessment tool


A new study from Netwrix reveals that 70 percent of organizations use a vulnerability assessment tool, but not always for the reasons you might think.
Rather than to ensure compliance, 70 percent say the primary reason for purchasing the tool is the need for proactive security measures. In addition, 76 percent of those who don't yet own a vulnerability assessment tool plan to acquire one in the near future for the same reason.
Faster exploitation of vulnerabilities poses a major risk for businesses


The average time to known exploitation of vulnerabilities is 12 days, down from 42 days last year, according to the latest Rapid7 Annual Vulnerability Intelligence report.
Of 50 2021 vulnerabilities looked at in the report, 43 were exploited in the wild and 52 percent of the known exploited vulnerabilities in this report came under attack within one week of public disclosure.
Over a quarter of businesses have critical vulnerabilities that could be exploited

Record number of vulnerabilities disclosed in 2021


Risk Based Security (RBS) has today released its 2021 Year End Vulnerability QuickView Report showing that a total of 28,695 vulnerabilities were disclosed last year.
This is the highest number recorded to date. Now that the vulnerability disclosure landscape has moved past the COVID-19 pandemic, RBS predicts that the number of vulnerabilities disclosed will continue to rise year-on-year in future.
Hackers continue to target zero-day vulnerabilities


Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups, according to a new report.
The study by Ivanti, produced in conjunction with Cyber Security Works, shows 65 new vulnerabilities tied to ransomware last year, representing a 29 percent growth compared to the previous year and bringing the total number of vulnerabilities associated with ransomware to 288.
Over three-quarters of container images have high risk vulnerabilities


A new report from container and cloud security company Sysdig finds that 75 percent of images contain patchable vulnerabilities of 'high' or 'critical' severity. In addition 85 percent of container images that run in production contain at least one patchable vulnerability.
Looking at the issues in more detail, 73 percent of cloud accounts contain exposed S3 buckets and 36 percent of all existing S3 buckets are open to public access.
High risk vulnerabilities in fintech soar over the past year


Financial services companies on the Bugcrowd platform experienced a 185 percent increase in the last 12 months for Priority One (P1) submissions, which relate to the most critical vulnerabilities.
According to activity recorded on the Bugcrowd Security Knowledge Platform, high-level trends include an increase in ransomware and the reimagining of supply chains, leading to more complex attack surfaces during the pandemic.
What are Log4Shell and log4j and should you be worried about them?


At the end of November a vulnerability targeting Minecraft servers was uncovered. If you don't play Minecraft you probably didn't pay it much attention.
Since then, however, 'Log4Shell' has surged across the web sending tremors through the security community and prompting the US government to describe it as a 'severe risk'. So, what's going on and is it time to panic?
Research finds vulnerabilities in 97 percent of applications


Data from 3,900 tests conducted on 2,600 software or systems targets reveals that 97 percent had some form of vulnerability, 30 percent of the targets had high-risk vulnerabilities, and six percent had critical-risk vulnerabilities.
In the research from Synopsys 83 percent of the tested targets were web applications or systems, 12 percent mobile applications, and the remainder either source code or network systems/applications. Industries represented in the tests include software and internet, financial services, business services, manufacturing, media and entertainment, and healthcare.
Ransomware groups grow in sophistication and volume


New research from security automation specialist Ivanti shows that ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since the beginning of 2021.
The report, produced with Cyber Security Works and Cyware, reveals that the last quarter has seen a 4.5 percent increase in CVEs associated with ransomware.
Over half of healthcare apps have a serious vulnerability


A new study from the Application Security Division of NTT Ltd reveals that 52 percent of applications in the healthcare industry have at least one serious vulnerability -- rating 'high' or 'critical' on the CVSS scale -- open throughout the year.
However, healthcare has performed 14 percent better than the industry average on remediating critical risks in the past three months. This represents a positive trend for healthcare, which historically performs below average based on a rolling 12-month analysis.
Why businesses need to take vulnerability and risk management seriously [Q&A]


As businesses rely more on the cloud and virtual infrastructure, so the potential for both configuration errors and cyberattacks increases.
The pandemic has only made the problem worse and in many cases led to a loosening of security policy. What do organizations need to do to address the issue and protect their systems? We spoke to Tal Morgenstern, Vulcan Cyber CPO and co-founder, to find out.
Automated analysis can help stop security teams wasting 10,000 hours a year


It's well known that security teams are suffering from alert overload and new research from Invicti Security shows that false positives and the need for manual verification are serious problems.
Analysis of six years' worth of real-world vulnerability data shows enterprise security teams are spending nearly 10,000 hours a year checking unreliable vulnerability reports, and this could cost as much as half a million dollars annually.
Over two million web servers still running on vulnerable legacy software


More than two million web servers worldwide are still running on outdated and vulnerable versions of Microsoft Internet Information Services (IIS) software according to research from CyberNews.
With 12.4 percent of the market worldwide IIS is the third-most-popular suite of web server software, used to power at least 51.6 million websites and web applications.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.