Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if they’re able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with Log4Shell, this can become even more complicated when the vulnerability is nearly ubiquitous.

We’re almost two months from the disclosure of Log4Shell, and we here at Snyk couldn’t be more excited with the role we’ve gotten to play in finding and fixing this critical vulnerability that’s impacted so many Java shops. For starters, we’ve been able to help our customers remediate Log4Shell 100x faster than the industry average! How have we been able to achieve that?

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Something that always surprises me that still happens…. You put something on the Internet and don’t secure it, you do know what is going to happen right? Evidently people still think no one will find them.

When it comes to protecting personal healthcare information or a medical facility from cyberattacks or data breaches, the first step that must be taken is a thorough and exhaustive data assessment. The data assessment will provide your organization with a complete understanding of: Why? Because a cybersecurity team cannot be expected to protect something if it does not know it exists in the first place.

During a recent engagement Trustwave SpiderLabs discovered a vulnerability (CVE-2021-45901) within ServiceNow (Orlando) which allows for a successful username enumeration by using a wordlist. By using an unauthenticated session and navigating to the password reset form, it is possible to infer a valid username. This is achieved through examination of the HTTP POST response data initially triggered by the password reset web form. This response differs depending on a username's existence.

Over the past two years that we have lived with the pandemic, the world has changed dramatically. Those changes provided financial criminals with great opportunities to take advantage of many businesses when they were at their most vulnerable, trying to adjust to a new reality. Remote working environments, the ongoing digitization of services, COVID-19 restrictions – all have contributed to the development of new cyber threats and techniques.

When employees connect to professional networks remotely the cyber-threat level rises. Elements such as the expansion of the security perimeter of organizations when working remotely or the proliferation of threats from COVID-19-related topics have changed the way we understand cybersecurity. But there are other, more specific challenges that make it more difficult for MSPs to protect clients that have a remotely distributed workforce. These 6 challenges are.

Enterprises continue to embrace cloud technology, some driven by the desire to offload rising hardware costs and operational overhead, others enticed by the promise of scalable, on-demand, practically infinite capacity and capability only a few clicks away.

Given the sharp rise of ransomware in recent years, and how cybercriminals have evolved in the tactics they use to launch cyberattacks, organizations must be able to protect their businesses from cyber threats. The more vendors you have in your extended enterprise, the less easy that is.

Data breaches are cybersecurity events that significantly harm a company’s reputation, finances, and compliance posture. When information is leaked or extracted from your database via a third-party partner, that is known as a third-party data breach. These events can have a devastating impact when your company handles sensitive information belonging to clients.