July 30, 2024 at 08:06AM The National Vulnerability Database, overseen by NIST, faces a mounting backlog, projected to reach almost 30,000 unaddressed vulnerabilities by year-end. With constraints hindering timely analysis, NVD’s ability to support defenders in prioritizing and responding to security flaws is compromised. Collaborations and augmented resources aim to alleviate the backlog before fiscal … Read more
July 28, 2024 at 10:06PM Protecting computers’ BIOS and boot process is crucial for modern security, yet recent research by Binarily found that PCs and components from major manufacturers used outdated test platform keys, leaving them vulnerable to exploitation. Security specialists urge scanning for vulnerability using a free tool and emphasize the importance of implementing … Read more
July 25, 2024 at 10:06AM Cybersecurity risks extend to operational technology (OT), often overlooked by IT and cybersecurity professionals. Lack of attention on OT attacks, such as those on critical infrastructure, highlights the need for better security measures. Proposed solutions include risk management, visibility, documentation, and secure remote access. Challenges persist due to limited tools, … Read more
July 25, 2024 at 03:33AM Summary: Patching remains a challenging and laborious task for IT professionals, with low success rates and growing complexities from an increasing number of software applications and vulnerabilities. While automation tools and improved visibility in endpoint management products offer potential solutions, lack of ownership and reluctance to adopt new approaches are … Read more
July 24, 2024 at 10:04AM Organizations are increasingly reliant on web browsers, elevating their significance in accessing critical systems and data. However, the widespread use of multiple browsers across different roles complicates security efforts. Vulnerabilities and dangerous exploits in web browsers pose significant risks, highlighting the need for robust patch management and security policies to … Read more
July 23, 2024 at 10:07AM The SBOM, originally created by NTIA, has transitioned from niche to mandatory for federal agencies and security teams due to the rise in supply chain attacks. However, the current fragmented implementation is hindering its effectiveness. The need for a unified, comprehensive format is crucial to enhance software supply chain security … Read more
July 22, 2024 at 04:52PM Seemplicity has released the 2024 Remediation Operations Report, based on a survey of 300 U.S. cybersecurity professionals. Key findings include a growing security budget, increased reliance on automation in vulnerability management, and the anticipated impact of AI in the field. The report also highlights the challenges and opportunities presented by … Read more
July 18, 2024 at 01:54PM Researchers discovered a fake ad blocker in China targeting Internet cafés that conceals sophisticated malware. “HotPage.exe,” approved by Microsoft, appears as adware but can intercept web traffic, introduce more ads, and drop a system-level driver. ESET reported it to Microsoft, who removed it on May 1. The malware is developed … Read more
July 18, 2024 at 07:45AM Cisco announced software updates for around a dozen vulnerabilities, which included critical-severity bugs in Secure Email Gateway and Smart Software Manager On-Prem. The flaws could allow an attacker to execute arbitrary code, initiate denial-of-service conditions, or access the web UI with compromised user privileges. Cisco also addressed high-severity vulnerabilities in … Read more
July 18, 2024 at 02:19AM Cisco released patches for a critical security flaw in Smart Software Manager On-Prem (Cisco SSM On-Prem) allowing remote attackers to change user passwords. The flaw, tracked as CVE-2024-20419, carries a CVSS score of 10.0. CISA also added three vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies to apply … Read more