January 17, 2024 at 06:30AM Oracle issued 389 new security patches in its January 2024 Critical Patch Update, addressing numerous critical-severity vulnerabilities. The update covers over 200 unique CVEs, with emphasis on Financial Services Applications, Communications, and MySQL. Oracle urges prompt patch application, warning of potential in-the-wild exploitation. The company plans three more Critical Patch … Read more
January 16, 2024 at 07:10PM Security teams increasingly collaborate with internal and external partners for incident response, recognizing the importance of coordination. 63% coordinate with internal communications, 44% know whom to contact in HR, and 39% have dedicated resources for external communications. Cross-functional collaboration is crucial due to the wide-reaching impact of security breaches. Also, … Read more
January 15, 2024 at 11:31PM As children grow, their problems become more complex, resembling the challenges faced by maturing enterprises. The evolving technology landscape necessitates a strategic distributed cloud platform partner to manage complexity, facilitate vendor consolidation, handle mergers/acquisitions, cope with innovation pressure, and combat the evolving threat landscape for improved security and simplified management. … Read more
January 11, 2024 at 10:41AM Former Microsoft product head Panos Panay has left to lead Amazon’s product division, aiming to enhance their device ecosystem, including Alexa, Echo, and Fire TV. The rising number of IoT devices presents security concerns, especially as consumer devices infiltrate commercial networks. Amazon’s plans to expand its device range could compound … Read more
January 11, 2024 at 09:43AM On the first Patch Tuesday of 2024, Intel, AMD, Zoom, and Splunk released security advisories. Intel addressed BIOS firmware vulnerabilities, AMD reported a low-severity SEV-SNP issue, and Splunk patched critical and high-severity vulnerabilities. Zoom informed customers of a high-severity flaw affecting Windows products. Several other companies also released their first … Read more
January 10, 2024 at 08:33AM Kyocera Device Manager vulnerability enables attackers to capture credentials and compromise accounts. As a result, enterprise credentials are exposed, posing a security risk. Based on the meeting notes, it appears that there is an improper input validation flaw in the Kyocera Device Manager. This vulnerability allows attackers to capture credentials … Read more
January 3, 2024 at 07:07PM Microsoft disabled the ms-appinstaller URI scheme due to its misuse by threat actors to install malware. The scheme was re-enabled on August 5, 2022, for some enterprise customers. However, its abuse allowed bypassing of Microsoft’s security checks. Microsoft is revoking abused code signing certificates and advising updates and policy changes … Read more
December 19, 2023 at 01:05PM Large language models (LLMs) such as ChatGPT have found various uses in enterprise security, from log analysis to rewriting documentation. Google Bard is being tested for simplifying and rewriting security policies. It offers unique features such as authoritative language and multiple draft options, making it a valuable tool for creating … Read more
December 15, 2023 at 11:04AM Cybersecurity vendors emphasize the need for enterprises to switch from standalone products to cybersecurity platforms. Despite this, research shows an increasing number of standalone products used by organizations. Omdia suggests reasons like ineffective communication by platform vendors, entrenchment in existing tools, reluctance to cede control, and platforms not delivering desired … Read more
December 12, 2023 at 02:06PM SAP announced 15 new and two updated security notes in its December 2023 Security Patch Day. This includes ‘hot news’ notes addressing vulnerabilities in SAP Business Technology Platform, Business Client, and OS command injection flaws in SAP ECC and SAP S/4HANA. Various other high and medium-priority issues were also resolved. … Read more