Security News

Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability
2023-02-03 07:55

Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 and has been described as a case of broken authentication with low attack complexity.

The future of vulnerability management and patch compliance
2023-02-01 04:38

IT departments continue to face immense pressure to get vulnerability and patch management right as threat actors use new and old methods to exploit network endpoints. Are we ready for what's next? As vulnerabilities continue to increase, what strategies should security professionals use to gain visibility into these threats, prioritize them, and manage the ongoing risk to endpoints? What will the vulnerability landscape look like in 2023, and what new challenges will security and IT teams face?

DigiCert releases new unified approach to trust management
2023-01-31 04:36

New solution brings together full stack of CA-agnostic certificate lifecycle management, PKI services and tightly integrated public trust issuance. The 2022 State of Digital Trust Survey found that almost half of consumers have stopped doing business with a company after losing confidence in its digital trust competency.

Attackers use portable executables of remote management software to great effect
2023-01-26 11:16

Tricking users at targeted organizations into installing legitimate remote monitoring and management software has become a familiar pattern employed by financially motivated attackers. After discovering the maliciously installed software on a system at one of the FCEB agencies, CISA went searching for and found more thusly compromised systems at other agencies.

Logfile management is no fun. Now it's a nightmare thanks to critical-rated VMware flaws
2023-01-25 02:45

VMware has issued fixes for four vulnerabilities, including two critical 9.8-rated remote code execution bugs, in its vRealize Log Insight software. There are no reports of nation-state thugs or cybercriminals finding and exploiting these bugs, according to VMware.

SaaS Security Posture Management (SSPM) as a Layer in Your Identity Fabric
2023-01-23 11:39

The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management. The scope of identity fabric includes any human, machine, or application that is granted access to your applications and data.

How to succeed in cyber crisis management and avoid a Tower of Babel
2023-01-17 05:30

Even if things go well on the technical level, incident response is still a stressful and hectic process across the company; this is the reality of cyber crisis management. I recently managed a cyber incident in a large company where, on a technical level, the handling of the incident was excellent but the cooperation with the management was complex and frustrating, a real Tower of Babel.

Training, endpoint management reduce remote working cybersecurity risks
2023-01-17 04:30

"The popularity of hybrid work, and the associated risks, means that companies must prioritise training and education to make remote working safe. Traditional methods of controlling and securing company data aren't as effective when employees are working in remote locations and greater responsibility falls on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk," said Daniel Hofmann, CEO of Hornetsecurity. Hofmann commented: "Increasing remote working cybersecurity measures is particularly important in the current climate, as cybercriminals are becoming smarter and using remote working to their advantage. We've seen an increase in smartphone attacks as hackers understand that both personal and professional data can likely be accessed as people can, and often do, carry out work on personal devices."

Patch where it Hurts: Effective Vulnerability Management in 2023
2023-01-12 09:40

Data from a recently published Security Navigator report shows that businesses are still taking 215 days to patch a reported vulnerability. Good vulnerability management is not about being fast enough in patching all potential breaches.

A Guide to Efficient Patch Management with Action1
2022-12-20 12:42

According to Action1's 2021 Remote IT Management Challenges Report, 78% of organizations admit that they failed to patch critical vulnerabilities in a timely manner during the past year, and 62% said they suffered a breach due to a known vulnerability for which a patch was available but not yet applied. It's not just the sheer volume that's a problem - each device might have its own hardware configuration and installed software, which adds a great deal of complexity to the patch management process.