Security News

Kubernetes showing vulnerabilities against ransomware attacks. New research from Veritas Technologies detailing the inherent security risks associated with Kubernetes has been published, and some of the findings are concerning for those employing the containerized system.

The U.S. Cybersecurity & Infrastructure Security Agency has added fifteen additional flaws to its list of actively exploited vulnerabilities known to be used in cyberattacks. Since threat actors have been observed targeting these flaws in the attacks, failing to address the security issues means risking a network compromise that can lead to a catastrophic data breach or ransomware attack.

In this interview with Help Net Security, Michael Johnson, Board of Directors at Safe Security, talks about the importance of critical infrastructure security, why attacks on critical infrastructure are particularly worrying, and what can be done to thwart these threats. Our way of life could be impacted by a capable attack on critical infrastructure.

Mobile security company Zimperium has released its annual mobile threat report where security trends and discoveries in the year that passed lay the groundwork for predicting what's coming in 2022. In 2021, actors focused more on remote workforce or on-premise mobile devices, leading to increased malicious network scans and man-in-the-middle attacks.

Singapore's Cyber Security Group, an agency charged with securing the nation's cyberspace, has uncovered four critical flaws in code from network software company Riverbed. The vulnerable application is SteelCentral AppInternals, formerly referred to as AppInternals Xpert, provided by Riverbed's Aternity division.

The report reveals that organizations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate across the full stack set at 60 days. High rates of "Known" vulnerabilities which have working exploits in the wild, used by known nation state and cybercriminal groups are not uncommon.

As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called "Access:7," the weaknesses - three of which are rated Critical in severity - potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk.

A set of seven vulnerabilities collectively tracked as Access:7 have been found in PTC's Axeda agent, a solution used for remote access and management of over 150 connected devices from more than 100 vendors. Developed by Parametric Technology Corporation, the Axeda platform through locally deployed agents provides telemetry data from IoT devices on the network and the option for remote service.

Unpatched vulnerabilities refer to weaknesses that allow attackers to leverage a known security bug that has not been patched by running malicious code. A report found that unpatched vulnerabilities are the most consistent and primary ransomware attack vectors.

The U.S. Cybersecurity and Infrastructure Security Agency this week added 95 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 478. "These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise," the agency said in an advisory published on March 3, 2022.