March 4, 2024 at 08:48AM Hikvision has released patches for two vulnerabilities in its security management system HikCentral Professional. The more serious flaw, CVE-2024-25063, could lead to unauthorized access to specific URLs. The second bug, CVE-2024-25064, requires authentication to be exploited. Hikvision urges customers to apply the patches promptly, as prior vulnerabilities have been exploited. … Read more
December 8, 2023 at 06:52PM Trend Micro introduces Secure Service Edge (SSE) to address evolving cyber threats with Zero Trust principles, offering proactive risk control through ZTSA Internet Access. The platform’s ASRM and XDR capabilities empower users to detect critical incidents and enhance security posture. ZTSA delivers end-to-end application traffic management, data security, and risk … Read more
November 15, 2023 at 05:45AM Insider threats, where confidential information is stolen by employees or insiders, are difficult for organizations to combat. Varonis offers a data security triad approach to reduce the risk and impact of insider attacks. This approach includes sensitivity (discovery, classification, and controls), access (security and permissions management), and activity (monitoring and … Read more
November 14, 2023 at 08:09AM Summary: Join SecurityWeek and Saviynt for a live webinar on November 14 at 1PM ET to learn how to build trust in third-party relationships by implementing secure processes and tools. Topics covered include creating a secure Day-1 process, reducing risk through just-in-time access provisioning, and utilizing PAM processes to monitor … Read more
November 3, 2023 at 08:41AM Oracle now requires multifactor authentication (MFA) for all instances in its cloud environment, Oracle Cloud Infrastructure. New tenancies have MFA enabled by default for cloud administrators, and preexisting systems have a default policy to enforce MFA. Oracle provides tools for managing configuration and access control policies, including the ability to … Read more