Security News
A researcher at privileged access management solutions provider CyberArk has discovered vulnerabilities in the products of 10 cybersecurity vendors. The research focused on vulnerabilities that can allow an attacker or a piece of malware to escalate privileges using symlink attacks or DLL hijacking.
Several major industrial control system vendors have released security advisories in response to the recently disclosed vulnerabilities affecting the CodeMeter licensing and DRM solution made by Germany-based Wibu-Systems. The company's researchers showed how an attacker can launch attacks by setting up a malicious website and luring targeted users to it, or by creating their own CodeMeter API and client and sending commands to devices running CodeMeter.
Most organizations have a complex security infrastructure that consists of multiple products from multiple vendors to create layers of defense, including firewalls, IPS/IDS, routers, web and email security, and endpoint detection and response solutions. In the past couple of years, we've seen a movement towards Security Orchestration, Automation and Response platforms and tools.
The goal of the survey is to better understand how DPI, a technology that identifies and details network traffic, is used by telecommunications and cybersecurity solution vendors today, and what they need from DPI in the future. They show that telecom and security vendors and their customers are facing rapid changes as the cloud transformation, 5G networking, work from home practices, and the IoT have a profound effect on network users, devices, and services.
The latest form of business email phishing attacks involves impersonating familiar senders, a GreatHorn report found. GreatHorn also acknowledged this uptick; the report noted that this view isn't fully adequate for understanding how phishing email attacks are evolving, and how security teams are responding to those threats.
In May 2019, Flashpoint CEO Josh Lefkowitz shared in SecurityWeek tips for evaluating threat intelligence vendors that cover the deep and dark web. I wanted to look at the entire threat intelligence space and provide some thoughts on how to evaluate the best vendors for you.
As COVID-19 spreads across the globe, what challenges are CISOs and other cybersecurity executives dealing with, and what things do they not want to be dealing with at the moment? Finally, as the economy takes a hit due to COVID-19 and the widespread "Shelter in place" directives, cybersecurity executives can expect some of the previously allocated cybersecurity budget to be cut and the funds redirected towards measures that will keep the organization afloat.
U.S. Sen. Mark R. Warner this week sent letters to six Internet networking device vendors urging them to ensure that their products remain secure during the COVID-19 social distancing efforts. The coronavirus pandemic has forced many to isolate themselves at home to help stop the virus spread, which resulted in a significant increase in the use of Internet networking devices for remote work, health, and education purposes.
More than half of all healthcare vendors have experienced a data breach that exposed protected health information, and it's a costly problem that points to broken third-party risk assessment processes, according to data released by the Ponemon Institute and Censinet. The report shows that 54 percent of healthcare vendors have experienced at least one data breach of protected health information belonging to patients of the healthcare providers they serve.
They can still upgrade from Windows 7 to Windows 10 for free, but those who continue to use Windows 7 now that support has ended are simply more vulnerable to security risks. In addition to that, the good news is that some browser and many AV manufacturers will continue to offer Windows 7 support.