Security News

How Biden's executive order on cybersecurity may impact vendors and developers
2021-05-17 14:46

Though most of the EO is aimed at government agencies, vendors and developers will have to design all of their products with a greater focus on security, according to Finite State. With ransomware attacks increasingly impacting businesses, government agencies and critical infrastructure, President Joe Biden last week signed an executive order designed to shore up the nation's cyber security.

Impacted Vendors Release Advisories for FragAttacks Vulnerabilities
2021-05-14 15:08

Impacted vendors have released security advisories in response to the recently disclosed Wi-Fi vulnerabilities collectively tracked as FragAttacks. A dozen CVE identifiers have been assigned to the FragAttacks flaws discovered last year by researcher Mathy Vanhoef, including three for design flaws and nine for implementation flaws.

Organizations are more likely to purchase tech and services from vendors demonstrating transparency
2021-03-15 15:01

Some 73% of companies prefer to purchase from technology providers that are transparent and proactive in helping organizations manage their cybersecurity risk, a study released Monday by Intel finds. "Security doesn't just happen. If you are not finding vulnerabilities, then you are not looking hard enough," said Suzy Greenberg, vice president of Intel product assurance and security, in a statement.

Vendors Respond to Method for Disabling Their Antivirus Products via Safe Mode
2020-12-15 14:27

Microsoft and several major cybersecurity companies have responded to a researcher's disclosure of a method for remotely disabling their antivirus products by leveraging the Windows safe mode. Researcher Roberto Franceschetti last week published an advisory, a blog post, a video and proof-of-concept exploits demonstrating a method that could be used by an attacker to disable anti-malware products from Microsoft, Avast, Bitdefender, F-Secure and Kaspersky.

Study finds 31% of third-party vendors could cause significant damage to organizations if breached
2020-11-20 19:50

The "State of Third Party Risk Management" report surveyed 154 third-party risk management professionals and found that they assess a median of 50 vendors each year, with most enterprises reporting having a TPRM program for about five to six years. "In the mass outsourcing of systems and services to third parties, enterprises have dramatically increased the scale and complexity of their risk surface. This study reveals that risk professionals widely are of the opinion that questionnaire-based assessments are sufficient for managing third-party risk. The magnitude of risk in the hands of third parties necessitates much better performance visibility than questionnaires can provide," said Kelly White, CEO and co-founder of RiskRecon.

Multiple Industrial Control System Vendors Warn of Critical Bugs
2020-11-17 22:38

Industrial control system firms Real Time Automation and Paradox both warned of critical vulnerabilities Tuesday that opened systems up to remote attacks by adversaries. RTA, which describes itself as providing industrial control systems for manufacturing and building automation, posted information regarding the vulnerability on Oct. 27.

Western Digital Finds Replay Attack Protection Flaw Affecting Multiple Vendors
2020-11-11 11:44

A vulnerability identified recently by researchers at storage giant Western Digital in the Replay Protected Memory Block protocol impacts the products of several other major companies, including Google, Intel and MediaTek. The RPMB feature is designed to protect devices against replay attacks by providing an authenticated and protected area for storing data that ensures each message is unique and cannot be replayed.

NVIDIA Patches AMI BMC Vulnerabilities Impacting Several Major Vendors
2020-10-30 04:32

NVIDIA on Wednesday released patches to address a total of nine vulnerabilities impacting NVIDIA DGX servers. The vulnerabilities were reported to NVIDIA by members of the SCADA StrangeLove project, which focuses on ICS/SCADA security, as part of their research into machine learning infrastructure vulnerabilities.

IoT Security Foundation unveils online platform to help IoT vendors report and manage vulnerabilities
2020-10-20 01:00

An online platform designed to help IoT vendors receive, assess, manage and mitigate vulnerability reports has been launched by the IoT Security Foundation. VulnerableThings.com aims to simplify the reporting and management of vulnerabilities whilst helping IoT vendors comply with new consumer IoT security standards and regulations.

Researcher Finds Vulnerabilities in Products of 10 Cybersecurity Vendors
2020-10-07 11:55

A researcher at privileged access management solutions provider CyberArk has discovered vulnerabilities in the products of 10 cybersecurity vendors. The research focused on vulnerabilities that can allow an attacker or a piece of malware to escalate privileges using symlink attacks or DLL hijacking.