The IT ecosystems of enterprises are highly dynamic. Typically, organizations react to this volatility by investing in asset discovery and Security Configuration Management (SCM). These core controls enable businesses to compile an inventory of authorized devices and monitor the configurations of those assets. In addition to managing changes to their infrastructure, organizations must also keep an eye on the changes made to essential files.
Cybersecurity funding in corporate environments has always been a source of anxiety for those who seek to keep organizations safe. When we examine the cybersecurity readiness of many state, local, and territorial governments, this funding struggle is taken to new heights of scarcity. Fortunately, a new program has been created by the Department of Homeland Security (DHS) to improve this shortfall, and better protect municipalities in the United States.
Here is everything you need to know about Sectigo code signing certificates. Software security is one of the key concerns of businesses around the world. As the number of cyberattacks is increasing, it has become vital for businesses to ensure that their software is received graciously by the audience. This is where code signing steps in. Code signing is a process of signing the software code or driver with a digital signature using a code signing certificate.
19.10.2022 - As part of our goal to continuously improve our vulnerability detectors, we continuously test various open-source projects with Jazzer within OSS-Fuzz. In this case, a test run yielded a severe finding with a potential remote code execution in a HSQLDB (CVE-2022-41853).
A new critical vulnerability CVE-2022-42889 a.k.a Text4shell, similar to the old Spring4shell and log4shell, was originally reported by Alvaro Muñoz on the very popular Apache Commons Text library. The vulnerability is rated as a critical 9.8 severity and it is always a remote code execution (RCE) which would permit attackers to execute arbitrary code on the machine and compromise the entire host.
In 2021, manufacturing became cybercriminals’ most targeted industry as a surge in global ransomware attacks disrupted manufacturing operations and exacerbated supply chain woes. This put even more pressure on manufacturing organizations that were already feeling the heat. Recognizing that ransomware attacks can stem back to software vulnerabilities, many manufacturers are exploring ways to strengthen their software security programs.
Over the last few years, rapid digital payment adoption and technology development have played an essential role in making international money transfers cheaper, faster, and easier than they were decades ago. The volume of cross-border transactions is now expected to grow to $39.9 trillion by 2026, as these payments are essential in the interconnected economy.
Seeking to stay ahead of hackers, many researchers have asked themselves what drives cyber risk. And many cyber insurance carriers have wondered how to accurately underwrite and price the risk. According to preliminary results from SecurityScorecard’s joint work with our cyber insurance partners, the answer is clear but multi-faceted.
Passwords have been employed by many since the days of the Roman Empire, and they quickly became omnipresent as we approached the digital age. However, rapid changes in the security landscape have forced us to evolve what our passwords look like and how they are used. At times, this has led to conflicting advice and confusion on what proper password management looks like. By clarifying how to best create and use passwords, we can make it easier for people to stay safe online.
