Security News

Most enterprises are maintaining or increasing their password management budgets
2022-06-20 08:00

Bitwarden announced the results of a global survey of enterprise security decision makers, conducted by 451 Research, which explores enterprise password management practices and intent. Weak passwords are vulnerable to password theft or compromise, which has led the enterprise to complement passwords with strategies such as OTP, email verification codes, SMS, or biometric factors.

Over a Dozen Flaws Found in Siemens' Industrial Network Management System
2022-06-19 22:11

Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system, some of which could be chained by an attacker to achieve remote code execution on affected systems. "The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and remote code execution in certain circumstances," industrial security company Claroty said in a new report.

Qualys VMDR 2.0 with TruRisk: Taking vulnerability management to the next level
2022-06-06 13:00

Automate Workflows - Qflow technology, built into the Qualys Cloud Platform, delivers drag-and-drop visual workflows to automate time-consuming and complex vulnerability management tasks, such as performing vulnerability assessments for ephemeral cloud assets as they are launched, alerting on high-profile threats, or quarantining high-risk assets, saving valuable resources and time. With the VMDR 1.0 introduction in 2020, Qualys brought the four core elements of vulnerability management into a seamless workflow to help organizations efficiently respond to threats.

Conti spotted working on exploits for Intel Management Engine flaws
2022-06-02 22:15

The notorious Conti ransomware gang has working proof-of-concept code to exploit low-level Intel firmware vulnerabilities, according to Eclypsium researchers. Recently leaked Conti documents show the criminals developed the software more than nine months ago, and this is important because exploiting these kinds of weaknesses expands the extent and depth of an intrusion, the firmware security shop's analysis noted.

This is the most effective Apple mobile device management service
2022-05-27 15:43

More than 4 million people in the U.S. are working remotely, leading many companies to look for mobile device management solutions.

Where is attack surface management headed?
2022-05-25 04:30

Attack surface management is only the beginning of a notable shift toward an offensive, or proactive, security approach. A proactive approach to security means that you must see your entire attack surface like an attacker sees it.

[Template] Incident Response for Management Presentation
2022-05-25 03:12

Many security pros who are doing an excellent job in handling incidents find effectively communicating the ongoing process with their management a much more challenging task. Luckily, there is a template that security leads can use when presenting to management.

Researchers Find Backdoor in School Management Plugin for WordPress
2022-05-20 22:11

Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary complete control over vulnerable websites. The backdoor, which is believed to have existed since version 8.9, enables "an unauthenticated attacker to execute arbitrary PHP code on sites with the plugin installed," Jetpack's Harald Eilertsen said in a Friday write-up.

Backdoor baked into premium school management plugin for WordPress
2022-05-20 18:02

Security researchers have discovered a backdoor in a premium WordPress plugin designed as a complete management solution for schools. The name of the plugin is "School Management," published by Weblizar, and multiple versions before 9.9.7 were delivered with the backdoor baked into its code.

NIST updates guidance for cybersecurity supply chain risk management
2022-05-06 10:02

The National Institute of Standards and Technology has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain. "The guidance helps organizations build cybersecurity supply chain risk considerations and requirements into their acquisition processes and highlights the importance of monitoring for risks. Because cybersecurity risks can arise at any point in the life cycle or any link in the supply chain, the guidance now considers potential vulnerabilities such as the sources of code within a product, for example, or retailers that carry it," NIST notes.