The SolarWinds supply chain attack highlighted how vulnerable supply chains are to cyberattacks. Supply chain risk mitigation has since become an essential component of risk management strategies and information security programs. To support the success of this effort, we’ve listed the top 4 supply chain security risks you need to be aware of in 2022.
To put the impact of cybercrime into perspective, let’s examine some important, and startling, numbers: Data breach costs increased from $3.86 million to $4.24 million in 2021. Every 39 seconds, there is an attack. About 90% of healthcare organizations have fallen victim to at least one breach within the past three years. The bottom line? Cyberattacks are frequent and costly, and COVID-19 has only fueled the fire with more employers adopting a remote work structure.
Do you love SecOps in theory, but just can't seem to make it work in practice? Or, maybe you've already implemented a security operations strategy to some degree within your organization, but struggle to make IT operations and security jive as seamlessly as you would like? Either way, there's a good chance that your troubles stem from one or more of the common barriers to SecOps strategies. This article explains why businesses often fail at implementing SecOps successfully and how they can work around the roadblocks.
On March 29, 2022, a critical vulnerability targeting the Spring Java framework was disclosed. This vulnerability was initially confused with a vulnerability in Spring Cloud, CVE-2022-22963. However, it was later identified as a separate vulnerability inside Spring Core, now tracked as CVE-2022-22965 and canonically named Spring4Shell.
Most company decision-making executives know how blockchain technology works but few have adopted it within their organization at this stage. This is the conclusion drawn by the latest Pulse survey conducted on 145 senior IT managers from companies on three continents. It shows that only 8% have experienced this technology, compared to 53% who know how it works but are yet to use it.
Our security researchers, engineers, and our Crowdsource community are actively working on understanding the vulnerabilities and developing tests. We have received a dozen POCs already and anticipate more over the coming days. While the situation is rapidly developing, here is what we know so far. The Spring Cloud Function vulnerability (CVE-2022-22963) was disclosed and patched earlier this week.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Another day and another cyber heist. Not much to say really…
That’s right all, it’s time for the latest MITRE Engenuity ATT&CK® evaluation. As we have come to expect each year, Elastic — along with other security vendors — are evaluated by MITRE Engenuity, a tech foundation that brings MITRE research to the public. The evaluation focuses on emulating techniques from the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to assess vendor protection capabilities.
On Wednesday 30th March 2022, news was disclosed online about an unauthenticated RCE zero-day vulnerability in Spring Core, a framework for building modern Java-based enterprise applications.
