Vulnerability Management Firm Vicarius Raises $30 Million

January 17, 2024 at 02:37PM Vicarius, a New York vulnerability management firm, secured $30 million in a Series B funding round led by Bright Pixel. With total funding exceeding $56 million, the company offers automated vulnerability management through vRx and a PLG model. Their LLM-based approach with vuln_GPT aims to combat AI attacks, and the …

Cyber insurance requirements: What’s in store for 2024

January 12, 2024 at 12:11AM In 2024, cyber insurance requirements are set to evolve, reflecting the changing threat landscape and increasing data breach costs. Predictions include a shift towards modern attack surface management, prioritization of vulnerabilities, limited coverage for manufacturing breaches, and mandatory incident response plans. Providers emphasize adaptability in the face of evolving regulations …

Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software

January 11, 2024 at 04:01AM Cisco has issued software updates to address a critical security flaw (CVE-2024-20272 – CVSS score: 7.3) in Unity Connection, allowing arbitrary file upload and execution of commands. Users are advised to update to patched versions to mitigate potential threats. Additionally, 11 medium-severity vulnerabilities have been resolved across Cisco software. Cisco …

Cisco says critical Unity Connection bug lets attackers get root

January 10, 2024 at 03:46PM Cisco has addressed a critical security flaw in Unity Connection, preventing unauthenticated attackers from gaining root privileges remotely. The vulnerability (CVE-2024-20272) allows execution of commands on the operating system by uploading arbitrary files. Additionally, Cisco patched ten medium-severity vulnerabilities in various products, including a command injection flaw in the WAP371 …

CISA warns agencies of fourth flaw used in Triangulation spyware attacks

January 9, 2024 at 02:33PM The U.S. Cybersecurity and Infrastructure Security Agency has added six vulnerabilities impacting products from Apple, Adobe, Apache, D-Link, and Joomla to the Known Exploited Vulnerabilities catalog. These flaws are actively exploited and pose significant risks. Federal agencies have until January 29 to patch or discontinue use of the vulnerable products. …

Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs

January 9, 2024 at 02:11PM Microsoft’s January 2024 Patch Tuesday addresses 49 flaws and 12 remote code execution vulnerabilities. Notably, a Windows Kerberos Security Feature Bypass and a Hyper-V RCE were classified as critical. Microsoft also addressed an Office Remote Code Execution Vulnerability and other flaws. Other vendors released updates, including .NET, Azure, Microsoft Edge, …

Criminal IP and Tenable Partner for Swift Vulnerability Detection

January 9, 2024 at 11:33AM Criminal IP, a Cyber Threat Intelligence search engine developed by AI SPERA, has partnered with Tenable for threat analysis and exposure management. It streamlines essential IP address data to Tenable’s platform, empowering users to proactively identify and mitigate potential threats. This collaboration provides a comprehensive solution for cybersecurity strategy and …

How to Get Started with Security Automation: Consider the Top Use Cases within Your Industry

January 8, 2024 at 08:36AM Security professionals are prioritizing use cases such as incident response, alert triage, vulnerability management, spear phishing, and threat intelligence for technology investments. Automation adoption is driven by the need for efficiency, with top use cases varying by industry. A standardized, data-driven and extensible platform is key for successful security automation …

Industrial Defender Risk Signal, a Risk-Based Vulnerability Management Solution for OT Security

January 4, 2024 at 05:40PM Industrial Defender has launched the Industrial Defender Risk Signal, a risk-based vulnerability management (RBVM) solution tailored for industrial environments. The solution significantly reduces vulnerability lists, integrates threat intelligence, and allows customizable risk tolerance. Industrial Defender is a trusted provider of OT asset data and cybersecurity solutions with a mission to …

CISA warns of actively exploited bugs in Chrome and Excel parsing library

January 3, 2024 at 07:58AM The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to its Known Exploited Vulnerabilities catalog. The first vulnerability, CVE-2023-7101, affects the Spreadsheet::ParseExcel library, allowing remote code execution. The second vulnerability, CVE-2023-7024, is a heap buffer overflow issue in WebRTC in Google Chrome. Federal agencies have until January 23 …