Later this week, Horizon3 researchers plan to release a Proof of Concept (PoC) exploit for CVE-2022-47966, a critical unauthenticated, remote code execution vulnerability in multiple ManageEngine products. Note: CVE-2022-47966 is dependent on the specific ManageEngine product. Some products are vulnerable if SAML single-sign-on is enabled OR has ever been enabled, while others require SAML single-sign-on to be currently enabled.

Keeper Connection Manager 2.11.0 introduces new connections with PostgreSQL and Microsoft SQL Server, plus other enhancements noted below. Keeper Connection Manager allows organizations to connect to endpoints without the need for VPN.

With 70 international plants spanning 15 different countries, the AES Corporation is a next-generation energy company helping lead the way to a carbon-neutral future. Like many organizations, AES wanted to improve the security posture within their OT networks with technology spanning multiple vendors. Recently I sat down with Kyle Oetken, Director of Cyber Defense, and Andrew Plunket, Sr. Cybersecurity Engineer (OT), at AES to discuss the challenges and lessons learned for securing OT environments.

The holidays are over but the gifts keep coming! Introducing Snyk Learn learning paths! Our free developer-security education offering just got better! Snyk Learn provides free, high-quality education to developers created by security experts. We know it’s cold outside. We also know that we might be a little slow out the gate after the holidays. Emails? No more inbox 0. Slack messages? Too many to count.

In this, the second of three blog posts, we continue to examine the issues discussed in our recent webinar, “Software and Application Security Challenges and Opportunities in Banking.” In the webinar, Rhys Arkins, Mend’s VP of Product Management, was joined by James McLeod, Director of Community of the Fintech Open Source Foundation (FINOS); Kate Stewart, VP of Dependable Embedded Systems at the Linux Foundation; and Amol Shukla, Executive Director of Engineering at Morgan Stanley, to

Recently, there has been considerable coverage of “bossware” and a focus on draconian types of “surveillance” some companies are using to stay on top of remote and flexible workforces. Articles claim companies are accessing the camera on laptops and tracking every movement so that employees can’t even go to the bathroom. In 1992, the New York Times ran a long article about Caller ID and how the new technology was an invasion of privacy.

Recent headlines have indicated that some major companies were affected by Remote Code Execution (RCE) vulnerabilities, just in the month of October. RCE flaws are largely exploited in the wild, and organizations are continually releasing patches to mitigate the problem. RCE is a type of an Arbitrary Code Execution (ACE) attack where the threat actor executes malicious commands on the target’s device.

As artificial intelligence (AI) advances, I am seeing a lot of discussion on LinkedIn and in the online media about the advantages it may bring for either the threat actors (“batten down the hatches, we are all doomed”) or the security defence teams (“it’s OK, relax, AI has you covered”).

The cybersecurity threats facing small and medium-sized businesses (SMBs) are real and growing. The FBI’s Internet Crime Complaint Center reports a majority of the 800,000+ complaints they received regarding cyberattacks in 2021 targeted small businesses. A cyberattack can cause significant damage to any organization. But for SMBs, a security incident that causes productivity loss, financial trouble or reputation harm can be devastating.

Adversaries continue to find new and innovative ways to penetrate an organization’s defenses. Defenders who focus on plugging these holes can find themselves exhausted and frustrated. Hunting for adversarial defense evasion for the purpose of data exfiltration and command-and-control (C2), however, remains a good strategy. Many adversaries leverage tooling to establish C2 or to enable successful data exfiltration, all while evading an organization’s defenses.