December 1, 2022

Detecting and Mitigating CVE-2022-42889 a.k.a. Text4shell

Originally published by Sysdig. Written by Miguel Hernández, Sysdig. A new critical vulnerability CVE-2022-42889 a.k.a. Text4shell, similar to the old Spring4Shell and Log4Shell, was originally reported by Alvaro Muñoz on the very popular Apache Commons Text library. The vulnerability is rated as a critical 9.8 severity and is always a remote code execution (RCE), which …

ASEC Weekly Malware Statistics (November 21st, 2022 – November 27th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 21st, 2022 (Monday) to November 27th (Sunday). For the main category, downloader ranked top with 40.3%, followed by Infostealer with 35.8%, backdoor with 16.3%, ransomware with 7.2%, …

ASEC Weekly Phishing Email Threat Trend (November 13th, 2022 – November 19th, 2022)

The ASEC analysis team monitors phishing email threats with the ASEC automatic analysis system (RAPIT) and Honeypot. This post will cover the cases of distribution of phishing emails during the week from November 13th, 2022 to November 19th, 2022 and provide statistical information on each type. Additionally, we will introduce new types that were not …

Thales launches CipherTrust Cloud Key Manager integrated with the AWS External Key Store

Thales has launched its CipherTrust Cloud Key Manager integration with the AWS External Key Store, a feature of the AWS Key Management Service. Following an increased call for enhanced sovereign controls amid growing regulatory requirements, the integration enables organisations to retain control of their encryption keys when migrating their sensitive data to the AWS cloud. …

PlainID partners with Dremio to strengthen data security for organizations

PlainID and Dremio partnership enables Dremio clients to leverage PlainID’s central access control platform to manage and control access to data via Dremio, allowing for advanced access controls as part of their overall data security strategy. The Dremio open data lakehouse delivers all of the data management, data governance, and analytic capabilities typically associated with …

HYPR raises $25 million to reduce reliance on passwords

HYPR announced a $25 million Series C1 led by Advent International through Advent Tech, the firm’s dedicated global technology fund. The investment brings HYPR’s total funds raised to $97 million and includes participation from existing investors including .406 Ventures, RRE Ventures, Top Tier Capital, and Comcast Ventures. The new injection of capital will be used …

Tracking the Vulnerability Weaponization Lifecycle

When it comes to applying intelligence to vulnerability management, the typical conversation is focused on prioritizing high-risk vulnerabilities that have already been exploited in the wild. This can be powerful; intelligence can quickly filter your critical vulnerability patch list down from 10,000 to 100. However, threat actors are exploiting vulnerabilities faster than ever. It took …

Why Ransomware Victims Avoid Calling It ‘Ransomware’

The latest edition of the ISMG Security Report discusses why too few organizations admit to being victims of ransomware attacks, how delayed enterprise subscription start dates forced CrowdStrike to cut sales forecasts, and leveraging threat intelligence to protect critical infrastructure. In this report, you’ll hear (click on player beneath image to listen): ISMG’s Mathew Schwartz …

Elastic Lays Off Nearly 400 Employees as SMB Spend Dwindles

Search and Security Firm Will Adopt Automated, Low-Touch Motion for SMB Customers. Michael Novinson (MichaelNovinson) • December 1, 2022. Security, observability and search vendor Elastic will shrink its workforce by 13% due …

HHS: Web Trackers in Patient Portals Violates HIPAA

Feds Warn Impermissible Disclosures of Patient Health Data is Prohibited. Marianne Kolbasuk McGee (HealthInfoSec) • December 1, 2022. HHS warns that the use of tracking code in many healthcare websites and portals could be violating HIPAA privacy regulations. Federal regulators warned healthcare entities over commercial …

Nvidia patches 29 GPU driver bugs that could lead to code execution, device takeover

Nvidia fixed more than two dozen security flaws in its GPU display driver, the most severe of which could allow an unprivileged user to modify files, and then escalate privileges, execute code, tamper with or steal data, or even take over your device. In total, the chipmaker patched 29 vulnerabilities affecting Windows and Linux products, …

Spyware Vendor Variston Exploited Chrome, Firefox and Windows 0-days

On 30th November, Google’s Threat Analysis Group (TAG) reported that a Barcelona-based company, actually a spyware vendor, named Variston IT has been exploiting n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender under the guise of a custom cybersecurity solutions provider. In their detailed technical report, TAG explained that Variston IT had been using their exploitation …

New Go-based Redigo malware targets Redis servers

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543, in Redis (Remote Dictionary Server) servers. Redis (remote dictionary server) …

Hastings Mutual Insurance: A Proactive Approach to Modernizing Content Management

By Milan Shetti, CEO Rocket Software In today’s digitalized world, customers value transparency and accessibility above all else. As a result, organizations are taking a proactive approach to provide critical content to end users at the click of a button. For over 130 years, Hastings Mutual Insurance Company has served and protected its clients throughout …

9th Circ. Revives Crypto Users’ Suit Over Shopify Data Breach

By Allison Grande (December 1, 2022, 10:05 PM EST) — The Ninth Circuit has resurrected a proposed class action that cryptocurrency users brought against Canadian e-commerce giant Shopify and French cryptowallet maker Ledger over a 2020 data breach, overturning a California federal court’s conclusion that it completely lacked jurisdiction over the defendants. …