vulnerability management | Breaking Cybersecurity News | The Hacker News

Atlassian has released software fixes to address  four critical flaws  in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below - CVE-2022-1471  (CVSS score: 9.8) - Deserialization vulnerability in  SnakeYAML library  that can lead to remote code execution in multiple products CVE-2023-22522  (CVSS score: 9.0) - Remote code execution vulnerability in Confluence Data Center and Confluence Server (affects all versions including and after 4.0.0) CVE-2023-22523  (CVSS score: 9.8) - Remote code execution vulnerability in Assets Discovery for Jira Service Management Cloud, Server, and Data Center (affects all versions up to but not including 3.2.0-cloud / 6.2.0 data center and server) CVE-2023-22524  (CVSS score: 9.6) - Remote code execution vulnerability in Atlassian Companion app for macOS (affects all versions up to but not including 2.0.0) Atlassian described CVE-2023-22522 as a template injection flaw that allo

In 2023, the global average cost of a data breach reached  $4.45 million . Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. In a world where the frequency and cost of data breaches are skyrocketing, organizations are coming face-to-face with a harsh reality: traditional cybersecurity measures might not be cutting it anymore.  Against this backdrop, businesses must find ways to strengthen their measures to safeguard precious data and critical assets. At the heart of this shift lies a key strategy: continuous monitoring. Understanding Continuous Security Monitoring in Cybersecurity Continuous monitoring is a dynamic approach that encompasses several techniques to fulfil a multi-layered defense strategy. These techniques can include:  Risk-Based Vulnerability Management (RBVM): Continuous vulnerability assessments across your network with remediation prioritization based on

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Veeam has released  security updates  to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. The list of vulnerabilities is as follows - CVE-2023-38547  (CVSS score: 9.9) - An unspecified flaw that can be leveraged by an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database, resulting in remote code execution on the SQL server. CVE-2023-38548  (CVSS score: 9.8) - A flaw in Veeam ONE that allows an unprivileged user with access to the Veeam ONE Web Client to obtain the NTLM hash of the account used by the Veeam ONE Reporting Service. CVE-2023-38549  (CVSS score: 4.5) - A cross-site scripting (XSS) vulnerability that allows a user with the Veeam ONE Power User role to obtain the access token of a user with the Veeam ONE Administrator role. CVE-2023-41723  (CVSS score: 4.3) - A vulnerability in Veeam ONE that permits a user with the Veeam ONE Rea

When organizations start incorporating cybersecurity regulations and cyber incident reporting requirements into their security protocols, it's essential for them to establish comprehensive plans for preparation, mitigation, and response to potential threats. At the heart of your business lies your operational technology and critical systems. This places them at the forefront of cybercriminal interest, as they seek to exploit vulnerabilities, compromise your data, and demand ransoms. In today's landscape, characterized by the ever-present risk of ransomware attacks and the challenges posed by fragmented security solutions, safeguarding your organization is paramount. This is where  The National Institute of Standards and Technology (NIST) advocates  for the development of resilient, reliable security systems capable of foreseeing, enduring, and rebounding from cyberattacks.  In this guide, we'll explore strategies to fortify your defenses against cyber threats and ensure

VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as  CVE-2023-34048  (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the  DCE/RPC protocol . "A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution," VMware  said  in an advisory published today. Credited with discovering and reporting the flaw is Grigory Dorodnov of Trend Micro Zero Day Initiative. VMware said that there are no workarounds to mitigate the shortcoming and that security updates have been made available in the following versions of the software - VMware vCenter Server 8.0 (8.0U1d or 8.0U2) VMware vCenter Server 7.0 (7.0U3o) VMware Cloud Foundation 5.x and 4.x Given the criticality of the flaw and the lack of temporary mitigations, the virtualization

SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert's head spin. If you're embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance. What is cybersecurity compliance? Cybersecurity compliance means you have met a set of agreed rules regarding the way you protect sensitive information and customer data. These rules can be set by law, regulatory authorities, trade associations or industry groups.  For example, the GDPR is set by the EU with a wide range of cybersecurity requirements that every organization within its scope must comply with, while ISO 27001 is a voluntary (but internationally recognized) set of best practices for information security management. Customers increasingly expect the assurance that compliance brings, because breaches and data disclosure will

Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of attackers' opportunities. Vulnerabilities only represent a small part of the attack surface that attackers can leverage. Initially, organizations used manual methods to address known security weaknesses, but as technology and cyber threats evolved, a more automated and comprehensive approach became necessary. However, legacy vulnerability management tools were designed primarily for compliance and modern tools still face challenges in prioritization and limited resources, especially in dynamic and agile cloud environments. Modern vulnerability management integrates security tools such as scanne

Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. "While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they're known and fixed, which is the real story," the company said in an announcement. "Those risks span everything from lag time in OEM adoption, patch testing pain points, end user update issues and more." Security threats also stem from incomplete patches applied by vendors, with a chunk of the zero-days exploited in the wild turning out to be variants of previously patched vulnerabilities. Mitigating such risks requires addressing the root cause of the vulnerabilities and prioritizing modern secure software development practices to eliminate entire classes of threats and block potential attack avenues. Taking these factors into consideration, Google said it's forming a Hacking

A recently published  Security Navigator  report data shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being fast enough in patching all potential breaches. It's about focusing on the real risk using vulnerability prioritization to correct the most significant flaws and reduce the company's attack surface the most. Company data and threat intelligence need to be correlated and automated. This is essential to enable internal teams focus their remediation efforts. Suitable technologies can take the shape of a global Vulnerability Intelligence Platform. Such a platform can help to prioritize vulnerabilities using a risk score and let companies focus on their real organizational risk.  Getting Started Three facts to have in mind before establishing an effective vulnerability management program:  1. The number of discov

Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT 'network' - all the apps and connected devices from laptops and desktops to servers and smartphones. While traditionally, these would all live on one "corporate network," - networks today are often just made up of the devices themselves, and how they're connected: across the internet, sometimes via VPNs, to the homes and cafes people work from, to the cloud and data centres where services live. So what threats does this modern network face? Let's look at them in more detail. #1 Misconfiguration According to recent research by  Verizon , misconfiguration errors and misuse now make up 14% of breaches. Misconfiguration errors occur when configuring a system or application so that it&

Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications. Collaboration on open source projects throughout the community produces stronger code, squashing the bugs and catching the vulnerabilities that impact the security of organizations who look to open source components as the key to their application building success. Thanks in part to the "thousand eyeballs" of the community, the number of reported vulnerabilities in open source projects is on the rise, spiking 51% in 2017 from the previous year. This is even more concerning since, as shown in the same study, most vulnerabilities are found in popular projects. Data shows that 32% of the top 100 open source projects have at least one vulnerability, meaning that developers have their work cut out for them, no matter which components they are using in their products.

Attackers care about ROI – they want to accomplish their objective with the least investment of time and resources possible. The same is true for you - to most effectively manage vulnerabilities, you need to think like an attacker. Ask yourself: How would you go about compromising systems, exfiltrating valuable information and making money? What are the key assets in your network that you would target? How would you get to these assets? Attackers are looking for vulnerabilities that are exposed – ones offering them an easy way to penetrate your network and pivot into the truly valuable assets on your network. Although zero-day exploits are heavily publicized, attackers more often use older, proven exploits very effectively. Fortunately, many such exploits are well known and have clear remediation methods. So, how can you determine if a known vulnerability is actually exploitable? The key is to correlate system vulnerabilities with threat intelligence so you can prioriti

The U.S. government repository of standards based vulnerability management website National Vulnerability Database (NVD) was hacked by some unknown attacker last week. The website of NVD ( https://nvd.nist.gov/index.html ) is down since Friday due to a malware infection on two web servers, discovered on Wednesday. The main page of website reads," The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available ." According to a post available on Google+ by Kim Halavakoski , who contacted NIST Public Inquiries Office to know about the issue," On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was

A recent report suggests that focusing too much on new security threats might make companies overlook older, more commonly exploited vulnerabilities. The report by TrustWave is based on data from over 1,900 penetration tests and more than 200 data breach investigations for clients like American Express, MasterCard, Discover, Visa, and several large retailers. The analysis shows that major global companies are hiring "vulnerability chasers" who look for the latest vulnerabilities and zero-day threats while ignoring the most common ones. As a result, companies are being compromised by old, well-known vulnerabilities rather than new attack methods. For example, the top three ways hackers accessed corporate networks in 2009 were through remote access applications, trusted internal network connections, and SQL injection attacks. These attack methods have been well-known for years. SQL injection vulnerabilities, for instance, have been known for at least 10 years but are still c