Kali Linux 2021.3 released: Kali NetHunter on a smartwatch, wider OpenSSL compatibility, new tools, and more! Offensive Security has released Kali Linux 2021.3, the latest version of its popular open source penetration testing platform.
Third-party cloud providers: Expanding the attack surface. In this interview with Help Net Security, Fred Kneip, CEO at CyberGRX, talks about the lack of visibility into third-party risk, how to address this issue, and what companies should consider when choosing the right cloud provider.
46% of all on-prem databases globally are vulnerable to attack, according to research by Imperva. A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities.
The US Cybersecurity and Infrastructure Security Agency has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. "All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems."
Destructive attacks that targeted Iran's transport ministry and national train system were coordinated by a threat actor dubbed Indra, who previously deployed wiper malware on the networks of multiple Syrian organizations. "The attacks on Iran were found to be tactically and technically similar to previous activity against multiple private companies in Syria which was carried at least since 2019," Check Point Research analysts who made the connection said.
While it is paramount that the IT department and the security teams are strong partners in protecting the company, the best practice is to have a separation of duties to ensure the group delivering the IT services is not also responsible for monitoring and managing the security risk. Examining the security posture of every system to understand what is being used and where the risks reside, and having a mitigation plan to protect employee, company and customer data is critical.
While IT security decision makers often consider cyberattacks a serious concern and are allocating a significant share of their IT budget to address their cybersecurity challenges, data breaches have still been uncomfortably commonplace, an INTRUSION survey reveals. Data breaches remain too commonplace even though organizations allocate significant portions of their IT budget to cybersecurity.
Spectral announced the release of DeepConfig, a detection technology that can identify misconfigurations at all layers of software to prevent exploits of security gaps and data breaches. Spectral's DeepConfig is the first solution that can detect misconfigurations at all layers of software, including the infrastructure layer and the data layer, which is composed of products like Elastic, MySQL, Redis, Memcache, and more.
Seventy percent estimate their high-value assets have been compromised in the past 12 months, and fifty percent believe there will be a cyber 9/11 in the next 10 years. The study - underwritten by INTEGRITY Global Security - found that 93 percent of leaders believe it is possible to build zero vulnerability platforms.
Cado Security announced the addition of memory acquisition, processing and analysis capabilities to its Cado Response platform. With Memory Forensics, security teams gain enhanced visibility and context to identify the root cause of incidents and respond to data breaches faster.
Today, most companies rely on manual processes and good intentions to ensure proper SaaS security management, but that is not enough. The AppOmni SaaS Security Management platform, which offers a full suite of SaaS security posture, protection, and monitoring capabilities, covers the most widely adopted and business-critical SaaS applications on the market including Salesforce, ServiceNow, Microsoft 365, Microsoft Teams, GitHub, Workday, Box, Slack, and Zoom.