RSS_Virtulization

Tripwire’s April 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Google Chrome and Microsoft. First on the patch priority list this month are patches for insufficient input validation vulnerabilities in Google Chrome (Chromium). Exploits for these vulnerabilities have been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible. Next on the patch priority list this month are patches for Microsoft Excel, Office, Word, and Outlook. These…

The US Defense Department and third-party military contractors are being advised to strengthen the security of their operational technology (OT) in the wake of security breaches, such as the SolarWinds supply chain attack. The guidance comes from the NSA, which this week has issued a cybersecurity advisory entitled “Stop Malicious Cyber Activity Against Connected Operational Technology” In its advisory, the NSA describes how organisations should evaluate the risks against OT – such as Industrial Control…

Financial services and insurance organizations experienced a 125% rise in exposure to mobile phishing attacks in 2020 compared to 2019, according to Lookout’s Financial Services Threat Report. The cloud security firm also found that malware and app risk exposure went up by more than 400% on average per quarter last year among the industry’s employees and customers. This was despite a 50% growth in mobile device management deployment during this period. This surge in exposure…

Provider receives highest score in current offering category Sunnyvale, Calif., May 6, 2021 — Proofpoint, Inc., (NASDAQ: PFPT), a leading cybersecurity and compliance company, today announced it has been recognized as a leader in the Forrester Research, Inc. May 2021 report, The Forrester Wave™: Enterprise Email Security, Q2 2021. This report evaluated 15 enterprise email service providers based on 25 criteria across three high-level categories: current offering, strategy, and market presence. Of the vendors evaluated, Proofpoint…

On world password day, data from Onfido serves as a reminder that most people don’t follow password recommendations, probably never will, and that means it’s time to find a new security standard. Image: Getty Images/iStockphoto World password day 2021 is upon us, serving as yet another reminder to use unique passwords, update those that may be compromised and practice good password hygiene. If new data from Onfido is accurate, however, most of us have no…

Data breach incidents reported to the UK’s financial regulator dropped by nearly a third from 2019 to 2020, although experts claim this is far from an accurate picture of the current threat landscape. Governance and risk firm Kroll requested Freedom of Information (FoI) data from the Financial Conduct Authority (FCA) to better understand the level of cyber-breach activity in the sector. However, the data received, a 30% year-on-year drop in reported breaches to just 76 in…

A security researcher has discovered several issues with the software used by exercise equipment maker Peloton, which may have leaked sensitive customer information to unauthenticated users. Pen Test Partners explained in a new blog post that the problem could be traced back to unauthenticated API endpoints, which could have allowed hackers to interrogate  information on all users. Among the potentially exposed data was user and instructor IDs, group membership, location, workout stats, gender and age,…

Mt. San Rafael Hospital thwarted a ransomware attack on one of its sister facilities earlier this year before anything could be compromised. The organization is still working through the details of the hack, says CIO Michael Archuleta, whose hospital is part of the BridgeCare Health Network, which includes five hospitals in Colorado. “It could have been a bad issue if we didn’t have the automation and intelligence to catch and stop it,” says Archuleta. The…