Security News

Cybersecurity researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be abused by an adversary to hijack the infrastructure without any operator intervention. Put differently; the attack scenario works by targeting a Nagios XI server at the customer site, using CVE-2020-28648 and CVE-2020-28910 to gain RCE and elevate privileges to "Root." With the server now effectively compromised, the adversary can then send tainted data to the upstream Nagios Fusion server that's used to provide centralized infrastructure-wide visibility by periodically polling the Nagios XI servers.

Mandiant Cyber Risk Management Services are designed to address critical business and security requirements to equip executives, boards of directors, and security and cross-functional leaders with risk-based data and advice to build effective and balanced security programs. "When developing a corporate security strategy and program, it is imperative to identify the areas and assets with the highest business value and those with the most significant threats and vulnerabilities. Mandiant Cyber Risk Management Services are designed to balance business and technical considerations and provide executives with risk-based decision support," said Jurgen Kutscher, Executive Vice President, Service Delivery, Mandiant Consulting.

Avast announces the official launch of Avast Business Hub, a new security platform designed to streamline how Avast's channel partners, managed security service providers, and business customers manage their cybersecurity solutions. Avast Business Hub consolidates a number of critical security and availability capabilities for SMBs. It consolidates endpoint protection, patch management, backup and recovery, and remote access and support solutions into an integrated security platform that enables organizations to easily manage and protect their devices, applications, data, and networks.

Cynerio will use the funding to fully realize its vision of being the healthcare industry's go-to cybersecurity and asset management solution by expanding its channel program, forming strategic partnerships with leading solution providers and expanding its clinically-intelligent toolbox of preemptive and proactive zero trust solutions into a full-service, responsive security platform. "It's critical to have partners who intimately understand the healthcare industry and its exceptional needs, especially now with the unprecedented pressures COVID-19 has introduced. Cynerio is extremely grateful for the continued faith and support of Elron, Accelmed and MTIP," said Leon Lerman, CEO and co-founder of Cynerio.

The U.S. House Committee on Homeland Security has passed five bipartisan bills on Monday to bolster defense capabilities against cyber attacks targeting U.S. organizations and critical infrastructure. The five bipartisan bills are also designed to make it easier to defend networks from cyber attacks using critical security vulnerabilities such as those abused in campaigns targeting vulnerable Microsoft Exchange Server and Pulse Connect Secure devices earlier this year.

Vulnerability management in OT continues to be one of the biggest challenges in securing industrial control systems. OT systems, which encompass the ICS, are computer-based control systems that automate and provide safety protection for personnel and equipment in the industrial, commercial buildings, avionics and other IoT-intensive industries.

Thus availablity, except out of very very small excursions from "Normal" does not exist in the corporate world. The result as the US finds out more and more regularly, is critical infrastructure outages so often they are now considered "Normal".

IronNet Cybersecurity and Dragos announced that they are launching a new joint initiative designed to help ensure the security of the nation's critical infrastructure through an integrated IT-OT approach to cybersecurity. The IronNet and Dragos joint initiative spans both companies' respective technical and business domains and is focused on integrating the IronNet IronDome and the Dragos Neighborhood Keeper threat intelligence sharing and community-wide visibility solutions in order to increase the overall security posture of organizations - and enable them to focus on core business and digital transformation efforts.

In February 2021, Keeper surveyed 1,000 employees in the U.S. about their work-related password habits - and discovered that a lot of remote workers are letting password security go by the wayside. Here are 5 critical password security rules they're ignoring.

Sierra Wireless launched the next evolution in routers with its new XR Series of multi-network 5G routers. The XR Series delivers the full performance of 5G across any network whether used for mobile applications or primary, temporary, or backup fixed wireless connectivity.