A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Something that always surprises me that still happens…. You put something on the Internet and don’t secure it, you do know what is going to happen right? Evidently people still think no one will find them.

When it comes to protecting personal healthcare information or a medical facility from cyberattacks or data breaches, the first step that must be taken is a thorough and exhaustive data assessment. The data assessment will provide your organization with a complete understanding of: Why? Because a cybersecurity team cannot be expected to protect something if it does not know it exists in the first place.

During a recent engagement Trustwave SpiderLabs discovered a vulnerability (CVE-2021-45901) within ServiceNow (Orlando) which allows for a successful username enumeration by using a wordlist. By using an unauthenticated session and navigating to the password reset form, it is possible to infer a valid username. This is achieved through examination of the HTTP POST response data initially triggered by the password reset web form. This response differs depending on a username's existence.

Over the past two years that we have lived with the pandemic, the world has changed dramatically. Those changes provided financial criminals with great opportunities to take advantage of many businesses when they were at their most vulnerable, trying to adjust to a new reality. Remote working environments, the ongoing digitization of services, COVID-19 restrictions – all have contributed to the development of new cyber threats and techniques.

When employees connect to professional networks remotely the cyber-threat level rises. Elements such as the expansion of the security perimeter of organizations when working remotely or the proliferation of threats from COVID-19-related topics have changed the way we understand cybersecurity. But there are other, more specific challenges that make it more difficult for MSPs to protect clients that have a remotely distributed workforce. These 6 challenges are.

Enterprises continue to embrace cloud technology, some driven by the desire to offload rising hardware costs and operational overhead, others enticed by the promise of scalable, on-demand, practically infinite capacity and capability only a few clicks away.

Given the sharp rise of ransomware in recent years, and how cybercriminals have evolved in the tactics they use to launch cyberattacks, organizations must be able to protect their businesses from cyber threats. The more vendors you have in your extended enterprise, the less easy that is.

Data breaches are cybersecurity events that significantly harm a company’s reputation, finances, and compliance posture. When information is leaked or extracted from your database via a third-party partner, that is known as a third-party data breach. These events can have a devastating impact when your company handles sensitive information belonging to clients.

We’ve all had it happen. You receive an email telling you that you’ve won a prize draw you never entered or a foreign prince wants to transfer you a huge sum of money and needs your bank details. These obvious scams can be spotted from a mile away and are what we tend to think of when we think of phishing, but it’s not always that apparent. Over the years, phishing scams have become harder to detect and many have fallen victim as a result.

DevOps has revolutionized how software is developed and deployed by introducing a more collaborative environment for development and bridging the gap between developers and operations. All the while ensuring flexibility to meet any consumer or market demands. However, it would be best if you implemented a proper DevOps lifecycle in your organization to take full advantage of all the benefits offered by DevOps.