Security News

VMware has fixed two critical and two important security vulnerabilities in VMware vRealize Log Insight, its multi-cloud solution for centralized log management, operational visibility and intelligent analytics.Reported by Trend Micro's Zero Day Initiative, none of the flaws are currently exploited by attackers in the wild, but given threat actors' predilection for targeting widely used VMware solutions, fixing these sooner rather than later is a good idea.

VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight that could expose users to remote code execution attacks. Tracked as CVE-2022-31706 and CVE-2022-31704, the directory traversal and broken access control issues could be exploited by a threat actor to achieve remote code execution irrespective of the difference in the attack pathway.

A cyber security risk that comes from within an organization is referred to as an insider threat. Insider threats might be carried out purposefully or accidentally.

1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.

I recently had the opportunity to meet and speak with several luminaries of the global security ecosystem: Roger Hale - Chief Security Officer; BigID, Sounil Yu - CISO and Head of Research at JupiterOne; Debbie Taylor Moore - VP and Senior Partner Global Cybersecurity at IBM Consulting; and Jay Leek, Managing Partner and Co-founder of SYN Ventures. As the aftershocks of 2021 begin to clear, I was interested in getting CISOs' take on ensuing challenges and upcoming hurdles that require the attention of all security and business stakeholders.

The threat of ransomware or nation state attacks might open-up corporate wallets for short-term cyber-security investment but working out how to develop both your security team and your defenses for the long-term calls for a little more sophistication. It's also about understanding how security doesn't just protect your organization in the here and now but underpins its ability to succeed more broadly in the future.

According to a recent Pew Research survey, 64 percent of Americans are choosing to remain in either a fully remote or hybrid working environment, forcing businesses to grapple with the increasing complexity that comes with migrating and scaling workloads in the cloud. Qa survey respondents rank visibility into cloud data-in-motion as the top security factor globally.

ChaosSearch shared key findings from a survey of 1,020 U.S. IT professionals on data retention, data usage, and investments in data lake and cloud data platforms. 69% of respondents indicated that their organizations have implemented a data lake, while 23% of respondents have not implemented a data lake but are planning to deploy one.

Almost a month after a disgruntled Conti affiliate leaked the gang's attack playbook, security researchers shared a translated variant that clarifies any misinterpretation caused by automated translation. Apart from providing information about the gang's attack methods and the thoroughness of the instructions, which allow for less-skilled actors to become Conti ransomware affiliates and hit valuable targets.

Expert: Information management can also lead to a massive value proposition in being able to tap into governed data for business insights. TechRepublic's Karen Roby spoke with Kon Leong, CEO and co-founder of ZL Technologies, a data management company, about data privacy and governance.