Security vulnerabilities news stories

Tenable has announced additions to Tenable Cloud Security that represent the next step in assessing threats related to cloud vulnerabilities.

Flashpoint has released The State of Vulnerability Intelligence: 2022 Midyear Edition, finding that the current state of the vulnerability disclosure landscape is ‘highly volatile’.

"Ransomware attackers are also becoming more organised [...] as they engage with cyber criminals and the victimised organisations."

Claroty’s research arm (Team82) has uncovered and disclosed two critical vulnerabilities in FileWave’s Mobile Device Management (MDM) system.

Rapid7 has added new layered context capabilities to its InsightCloudSec offering to give security teams a consolidated, unified, real-time view of risk signals.

Sophos has revealed that the ransomware gang BlackCat has added Brute Ratel, a pentesting tool, to its arsenal of attack tools.

Hackers are moving fast to exploit security vulnerabilities. There was a surge in widespread zero-day attacks last year, with the average time to exploitation down from 42 days in 2020 to just 12 days in 2021. 

New research from Secureworks has uncovered new information on the Chinese threat group BRONZE STARLIGHT and how they are using targeted ransomware to initiate complicated attacks.

Forescout’s Vedere Labs has disclosed OT: ICEFALL, naming 56 vulnerabilities affecting devices from 10 operational technology vendors.

Advent One has partnered with New York based vulnerability management company, Vicarius to accentuate cybersecurity detection and response capabilities

Research finds that there has been a 36% increase in cyber attack dwell time, with a median intruder dwell time of 15 days in 2021 versus 11 days in 2020.

The new cloud-based solution gives insights into an organisation's risk posture along with the ability to use drag and drop workflows to orchestrate responses.

MicroFocus has released Data Center Automation (DCA) for software-as-a-service (SaaS) delivery, offering more cost-effective vulnerability risk and IT compliance management.

Armis' new solution for risk-based vulnerability management enables businesses to prioritise mitigation efforts across the entire asset attack surface.

BeyondTrust has released its 2022 Microsoft Vulnerabilities Report, finding that Elevation of Privilege is the top vulnerability category for the second consecutive year.

New Relic has introduced New Relic Vulnerability Management to help organisations find and address security risks faster and with greater precision.

“Threat actors are quickly adjusting their tactics and these exploits tend to get industry attention, but the threat posed by older and attacks still persists."

The new update is designed to enable organisations to fix asset misconfigurations, patch OS and third-party applications, and deploy custom software.

The way people connect with applications and data has changed, users are remotely accessing resources that could be stored anywhere from a corporate data center to the cloud.

Phishing, the practice of sending malicious emails to encourage users to perform actions that benefit an attacker, is a key security concern for modern businesses due to its prevalence and impact.

The National Cyber Security Centre (NCSC) has issued a cyber security advisory in collaboration with its international partners detailing common vulnerabilities and exposures.

“We’re at a critical juncture in cybersecurity and observing increasingly hostile behaviour across an ever-expanding attack surface."

New Invicti Research has found that vulnerabilities are rising, and that government and education sectors are particularly at risk.

Rapid7 has released its latest Vulnerability Intelligence Report detailing the most significant security vulnerabilities and cyber attacks in 2021.