Social Engineering

At a time when almost all software contains open source code, at least one known open source vulnerability was detected in 84% of all commercial and proprietary code bases examined by researchers at application security company Synopsys. In addition, 48% of all code bases analyzed by Synopsys researchers contained high-risk vulnerabilities, which are those that have been actively exploited, already have documented proof-of-concept exploits, or are classified as remote code execution vulnerabilities.  The vulnerability data…

Read More

AI-focused cybersecurity vendor Darktrace has announced the release of Newsroom, a new detection and warning system for critical vulnerabilities that uses open-source intelligence (OSINT) sources to identify threats posed to businesses. Newsroom leverages deep and AI-assisted knowledge of a customer’s external attack surface to gauge its exposure to detected vulnerabilities and provides a summary of exploits, affected software and assets within the organization, Darktrace stated. It also provides vulnerability mitigation guidance specific to businesses, while…

Read More

Nearly half of CISOs will change jobs by 2025 due to stress caused by the risk of being breached while trying to retain staff, according to the Gartner report, Predicts 2023: Cybersecurity Industry Focuses on the Human Deal. The research firm found that the stressors of the cybersecurity world make the job of a cybersecurity professional unsustainable. This includes the knowledge that there are only two possible outcomes: get hacked or don’t. “The psychological impact…

Read More

Cyberattacks targeting multiple data centers in several regions globally have been observed over the past year and a half, resulting in exfiltration of information pertaining to some of the world’s biggest companies and the publishing of access credentials on the dark web, according to cybersecurity company Resecurity. “Malicious cyber activity targeting data center organizations creates a significant precedent in the context of supply chain cybersecurity,” Resecurity said in a blog post. “Resecurity expects attackers to…

Read More

The threat landscape is highly diverse and attacks range in sophistication from the most basic scams to nation-state-level cyberespionage. However, companies need to prioritize their defenses against the most common threats that are likely to impact them and their employees. In its newly released annual State of Malware report, cybersecurity firm Malwarebytes selected five threats that they consider to be archetypes for some of the most common malware families observed in 2022: LockBit ransomware The…

Read More

Cloud-based permissions management startup Entitle debuted Wednesday with the launch of its namesake SaaS-based application, designed to automate access requests and solve the problem of what it calls the “entitlement sprawl” faced by corporations. Enterprise security teams are confronted with an overwhelming amount of permission requests, the Israel-based company said. “We saw that permission management is becoming a big issue and interviewed heads of security about the challenges with governance and relevance of access,” said…

Read More

Deployment of backdoors on networks was the top action attackers made in almost a quarter of all incidents remediated in 2022. “Backdoors led to a notable spike in Emotet cases in February and March. That spike inflated the ranking of backdoor cases significantly, as those deployed in this timeframe account for 47% of all backdoors identified globally throughout 2022,” according to the newly released IBM Security X-Force Threat Intelligence Index. “Increased backdoor deployment may also be due to…

Read More

Traffic Light Protocol (TLP) was created to facilitate greater sharing of potentially sensitive threat information within an organization or business and to enable more effective collaboration among security defenders, system administrators, security managers, and researchers. TLP grew out of efforts by various public-sector security incident response teams of various nations that began sharing security alerts. The protocol was developed so that recipients of threat data could assess its sensitivity and determine how to share it…

Read More

Access control provider Alcatraz AI is adding web-based, mobile enrollment and privacy consent management to its flagship facial authentication product, the Rock, to enhance building security and ease employee and visitor registration. The Rock includes an edge device installed near the doors to buildings and secure areas, using 3D facial mapping and machine learning analytics for facial  authentication. The update adds mobile enrollment to the system to streamline onboarding by allowing new employees and visitors…

Read More