January 13, 2023

Onapsis and Wipro help enterprises secure their SAP applications

latestnews / By

Onapsis has formed a strategic collaboration with Wipro to drive digital transformation and business growth for customers. Enterprises embarking on their digital transformation journey are often faced with a complex SAP landscape and a limited understanding of how to secure these applications. As a result, they often overlook the need for SAP security, leaving their …

Onapsis and Wipro help enterprises secure their SAP applications Read More »

Cloudflare and Microsoft expand partnership to strengthen zero trust security

latestnews / By

Cloudflare has expanded its relationship with Microsoft to help customers easily deploy, automate, and enhance their organization’s zero trust security. Working from anywhere is more common than ever, and critical applications have moved to the cloud—no longer residing inside an office protected by a secure perimeter. This fundamental shift in where and how people work …

Cloudflare and Microsoft expand partnership to strengthen zero trust security Read More »

SailPoint acquires SecZetta to help companies validate non-employee identities

latestnews / By

With nearly half of today’s enterprises comprised of non-employees, organizations need to factor this growing group of identities into their approach to identity security. With SecZetta, SailPoint will be able to expand its capabilities to help companies gain better visibility into all types of identities, across both employee and non-employee identities – from third-party contractors …

SailPoint acquires SecZetta to help companies validate non-employee identities Read More »

Medical Imaging Firm Faces 2 Class Actions in 2022 Breach

latestnews / By

Healthcare , HIPAA/HITECH , Industry Specific Massachusetts Citizens Excluded From Feds’ Case Against Shields Health Care Group Marianne Kolbasuk McGee (HealthInfoSec) • January 13, 2023     Shields Health Care Group, a prominent Massachusetts-based medical imaging services provider, is facing proposed class action lawsuits in federal and state court stemming from a 2022 breach that …

Medical Imaging Firm Faces 2 Class Actions in 2022 Breach Read More »

Sift Snags Former Ping Identity COO Kris Nagel as New Leader

latestnews / By

Fraud Management & Cybercrime , Fraud Risk Management Kris Nagel Wants to Drive More Account Takeover, Bot Detection Engagements at Sift Michael Novinson (MichaelNovinson) • January 13, 2023     Kris Nagel, CEO, Sift (Image: Sift) Sift has landed top Ping Identity lieutenant Kris Nagel as its new CEO and tasked him with driving more …

Sift Snags Former Ping Identity COO Kris Nagel as New Leader Read More »

Schneider Electric informuje o nowych podatnościach w swoich produktach oraz aktualizuje starsze.

Leave a Comment / latestnews / By

10 stycznia 2023 r. firma Schneider Electric opublikowała zalecenia dotyczące bezpieczeństwa dotyczące luk w zabezpieczeniach wielu produktów. Uwzględniono aktualizacje następujących elementów: • EcoStruxure Control Expert – wszystkie wersje • EcoStruxure Geo SCADA Expert 2019, 2020 i 2021 – wersje sprzed października 2022 r. • EcoStruxure Power SCADA Anywhere – wersje 2022, 2021, 2020 R2, 2020, …

Schneider Electric informuje o nowych podatnościach w swoich produktach oraz aktualizuje starsze. Read More »

ICS-CERT informuje o nowych podatnościach w produktach firmy Black Box

Leave a Comment / latestnews / By

ProduktBlack Box KVM ACR1000A-R-R2: Wersja oprogramowania układowego v3.4.31307 Black Box KVM ACR1000A-T-R2: wersja oprogramowania sprzętowego v3.4.31307 Black Box KVM ACR1002A-T: Wersja oprogramowania układowego v3.4.31307 Black Box KVM ACR1002A-R: Wersja oprogramowania układowego v3.4.31307 Black Box KVM ACR1020A-T: Wersja oprogramowania układowego v3.4.31307Numer CVECVE-2022-4636Krytyczność7.5/10CVSSAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NOpisOprogramowanie sprzętowe Black Box KVM w wersji 3.4.31307 w modelach ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R i …

ICS-CERT informuje o nowych podatnościach w produktach firmy Black Box Read More »

ICS-CERT informuje o nowych podatnościach w produktach firmy SAUTER Controls

Leave a Comment / latestnews / By

ProduktNova – wiele wersji i platform moduNet300 – wiele wersjiNumer CVECVE-2023-0052Krytyczność9.8/10CVSSAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpisSeria SAUTER Controls Nova 200–220 z oprogramowaniem układowym w wersji 3.3-006 i starszymi oraz BACnetstac w wersji 4.2.1 i starszymi umożliwia wykonywanie poleceń bez poświadczeń. Ponieważ Telnet i protokół przesyłania plików (FTP) są jedynymi protokołami dostępnymi do zarządzania urządzeniami, nieautoryzowany użytkownik może uzyskać dostęp do …

ICS-CERT informuje o nowych podatnościach w produktach firmy SAUTER Controls Read More »

Fragile Critical Infrastructure Needs Protection

latestnews / By

The recent outage of the Federal Aviation Administration’s Notice to Air Missions (NOTAM) Pilot-Alert system, which triggered a 90 minute “ground stop” delayed over 9 thousand flights and was behind the cancelation of 1300, leaving countless flyers stranded and planes grounded.  The outage shows the fragility of the transportation system, one of many components of …

Fragile Critical Infrastructure Needs Protection Read More »

Russian Hackers Exploit ChatGPT

latestnews / By

A highly-skilled group of Russian hackers has successfully managed to bypass the advanced language model, ChatGPT, created by OpenAI. This model, which is designed to understand and respond to natural language, is considered a valuable tool for various industries, including customer service and healthcare. However, the hackers’ ability to infiltrate the model’s system and manipulate …

Russian Hackers Exploit ChatGPT Read More »

Why Mean Time to Repair Is Not Always A Useful Security Metric

latestnews / By

Security teams have traditionally used mean time to repair (MTTR) as a way to measure how effectively they are handling security incidents. However, variations in incident severity, team agility, and system complexity may make that security metric less useful, says Courtney Nash, lead research analyst at Verica and main author of the Open Incident Database …

Why Mean Time to Repair Is Not Always A Useful Security Metric Read More »

10 best practices: Combating distributed work vulnerabilities

latestnews / By

EXECUTIVE SUMMARY: The coronavirus pandemic dramatically altered the way in which employees work. While providing workers with more flexibility, potentially yielding higher productivity, and reducing commute-related stress, distributed work operations have also led to a more distributed technology environment. Remote work not only expanded the cyber attack surface, it moved the attack surface beyond traditional …

10 best practices: Combating distributed work vulnerabilities Read More »

This flaw in Google Chrome & Chromium-based browsers enabled data theft of information such as cryptocurrency wallets and credentials from over 2.5 billion users

latestnews / By

Share this… Researchers from the cyber security firm Imperva Red Team have disclosed information on a newly found and fixed vulnerability that affected over 2.5 billion Google Chrome users as well as all Chromium-based browsers such as Edge and Opera. The vulnerability, which is identified as CVE-2022-3656, makes it possible for remote attackers to acquire …

This flaw in Google Chrome & Chromium-based browsers enabled data theft of information such as cryptocurrency wallets and credentials from over 2.5 billion users Read More »

Norton LifeLock Warns on Password Manager Account Compromises

latestnews / By

Norton LifeLock customers have fallen victim to a credential-stuffing attack. Cyberattackers used a third-party list of stolen username and password combinations to attempt to break into Norton accounts, and possibly password managers, the company is warning. Gen Digital, owner of the LifeLock brand, is sending data-breach notifications to customers, noting that it picked up on …

Norton LifeLock Warns on Password Manager Account Compromises Read More »

Exploit code to hack Lexmark printers and photocopiers published, uses zero day vulnerabilities

latestnews / By

Share this… The American corporation Lexmark International, Inc. is a privately owned business that specializes in the production of laser printers and other image goods. The researcher found that the product is susceptible to two vulnerabilities, either of which can be exploited by an adversary to copy file data from a source path to a …

Exploit code to hack Lexmark printers and photocopiers published, uses zero day vulnerabilities Read More »

BARR’s 2022 Year in Review: Exciting Milestones, Thought Leadership, and Associate Spotlights

Leave a Comment / latestnews / By

Another year has passed, and at BARR Advisory, we’re taking some time to reflect on our most memorable moments from the past twelve months. Not only did we experience growth, but we also accomplished exciting endeavors within our team and the cybersecurity community. While 2022 was met with some challenges—from increased cyberattacks to unprecedented worldwide …

BARR’s 2022 Year in Review: Exciting Milestones, Thought Leadership, and Associate Spotlights Read More »

The 4 best VPN services for Windows PC in 2023

latestnews / By

ExpressVPN specifications Windows support: Windows 7 or higher Simultaneous connections: 5 Kill switch: Yes Platforms: Windows, macOS, iOS, Android, Linux, and many more Logging: No browsing logs, some connection logs Countries: 94 Money-back guarantee: 30 days ExpressVPN has server locations in 94 countries, which is a considerably larger network than many of the other top VPN providers. In ZDNET’s aggregate speed tests, …

The 4 best VPN services for Windows PC in 2023 Read More »

NortonLifeLock: threat actors breached Norton Password Manager accounts

latestnews / By

Gen Digital, formerly Symantec Corporation and NortonLifeLock, warns that hackers breached Norton Password Manager accounts. Gen Digital, formerly Symantec Corporation and NortonLifeLock, informed its customers that threat actors have breached Norton Password Manager accounts in credential-stuffing attacks. The company detected an unusually large volume of failed logins to customer accounts on December 12, 2022, and …

NortonLifeLock: threat actors breached Norton Password Manager accounts Read More »

Preparing for the ‘Fifth Generation of Ransomware’

latestnews / By

Fraud Management & Cybercrime , Ransomware , Video Cybereason’s Field CISO Shares Cybersecurity Predictions for 2023 Anna Delaney (annamadeline) • January 13, 2023     Greg Day, vice president and global field CISO, Cybereason In 2023, ransomware groups will explore new methods to get money from the same victims. Greg Day of Cybereason says ransomware …

Preparing for the ‘Fifth Generation of Ransomware’ Read More »

Operational Threat Intelligence: The Definitive Guide

latestnews / By

Cyber threat intelligence involves gathering and analyzing an assortment of disparate data to help make prompt and effective security decisions related to current or potential attacks and adversaries. But simply lumping all of this information under a general label like “cyber threat intelligence” ignores the fact that there are different ways to categorize this data …

Operational Threat Intelligence: The Definitive Guide Read More »

Credit Union Must Repay Parts Co. $558K Over Cyber Scam

latestnews / By

By Katryna Perera (January 13, 2023, 9:27 PM EST) — A Virginia federal judge ruled that a credit union used by a scammer to steal more than $500,000 from a building parts manufacturer must pick up the tab for repaying those losses and more, but later rescinded his decision to award punitive damages…. Read more