Security News

3 Steps to Automate Your Third-Party Risk Management Program
2023-02-22 11:03

The reasons for the lack of investment into Third Party Risk Management are the same that we consistently hear - lack of time, lack of money and resources, and it's a business need to work with the vendor. Step 3 - Continuously combine threat exposure findings with the questionnaire exchange #. Security ratings alone don't work.

Attack surface management (ASM) is not limited to the surface
2023-02-15 05:30

Attack surface management is a make or break for organizations, but before we get to the usual list of best practices, we need to accept that attack surface management is not limited to the surface. Defining the fundamentals of ASM. ASM falls under the larger umbrella of exposure management, along with vulnerability management and validation management.

Unpatched Security Flaws Disclosed in Multiple Document Management Systems
2023-02-08 15:15

Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System offerings from four vendors LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "An attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed and triggered by the user, giving the attacker multiple paths to control the organization." The list of eight cross-site scripting flaws, discovered by Rapid7 researcher Matthew Kienow, is as follows -.

Atlassian warns of critical Jira Service Management auth flaw
2023-02-03 14:31

A critical vulnerability in Atlassian's Jira Service Management Server and Data Center could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems.Atlassian explains that the security issue affects versions 5.3.0 through 5.5.0 and that hackers can get "Access to a Jira Service Management instance under certain circumstances."

Atlassian fixes critical bug giving access to Jira Service Management
2023-02-03 14:31

A critical vulnerability in Atlassian's Jira Service Management Server and Data Center could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems. Atlassian explains that the security issue affects versions 5.3.0 through 5.5.0 and that hackers can get "Access to a Jira Service Management instance under certain circumstances."

Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501)
2023-02-03 09:57

Australian software maker Atlassian has released patches for CVE-2023-22501, a critical authentication vulnerability in Jira Service Management Server and Data Center, and is urging users to upgrade quickly. "Installing a fixed version of Jira Service Management is the recommended way to remediate this vulnerability. If you are unable to immediately upgrade Jira Service Management, you can manually upgrade the version-specific servicedesk-variable-substitution-plugin JAR file as a temporary workaround," they advised.

Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability
2023-02-03 07:55

Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 and has been described as a case of broken authentication with low attack complexity.

The future of vulnerability management and patch compliance
2023-02-01 04:38

IT departments continue to face immense pressure to get vulnerability and patch management right as threat actors use new and old methods to exploit network endpoints. Are we ready for what's next? As vulnerabilities continue to increase, what strategies should security professionals use to gain visibility into these threats, prioritize them, and manage the ongoing risk to endpoints? What will the vulnerability landscape look like in 2023, and what new challenges will security and IT teams face?

DigiCert releases new unified approach to trust management
2023-01-31 04:36

New solution brings together full stack of CA-agnostic certificate lifecycle management, PKI services and tightly integrated public trust issuance. The 2022 State of Digital Trust Survey found that almost half of consumers have stopped doing business with a company after losing confidence in its digital trust competency.

Attackers use portable executables of remote management software to great effect
2023-01-26 11:16

Tricking users at targeted organizations into installing legitimate remote monitoring and management software has become a familiar pattern employed by financially motivated attackers. After discovering the maliciously installed software on a system at one of the FCEB agencies, CISA went searching for and found more thusly compromised systems at other agencies.