Malicious code is not difficult to find these days, even for OT, IoT and other embedded and unmanaged devices. Public exploit proofs-of-concept (PoCs) for IP camera vulnerabilities are routinely used by Chinese APTs, popular building automation devices are targeted by hacktivists and unpatched routers used for Russian espionage.
Apria Healthcare is a healthcare equipment provider that works with more than 2 million patients annually. The company offers services in more than 280 different locations in the United States and specializes in home healthcare equipment. This organization has a significant number of employees and maintains health and personal data for employees and patients throughout the course of providing services to customers.
We are pleased to share some exciting advancements made to our platform this month. These include the introduction of folder-scoped and file type-scoped Metadata, the addition of connected folders for Desktop App Core on Mac, and significant improvements to BIM Files search and preview features. Please explore the details below for more information.
In the ever-changing world of technology, staying secure is a top priority for many organizations. Identifying and documenting system boundaries is essential for keeping data safe and secure, but what does this mean? In this article, we’ll explore system boundaries, how to identify them, and how to generate system boundary diagrams. By the end of this guide, you’ll be well-versed in understanding system boundaries and creating diagrams that can help keep your information secure!
The team at LimaCharlie continues down the path of changing the way cybersecurity tools and supporting infrastructure are delivered. Details about what has been happening for the month of May, and what is coming up, can be found below. As always, if you have any questions or concerns, please do not hesitate to contact us.
One often-overlooked risk in the bustling ecosystem of open-source software are vulnerabilities introduced through software dependencies. We mention this because today, a malicious actor took over a RubyGems package name with more than two million downloads. Mend.io technology detected the package before it could be used for an attack, but the case of ‘gemnasium-gitlab-service‘ serves as an important reminder of the risk of neglecting dependency management.
Our team has been hard at work creating updates and new features just for you, see what we’ve been up to over the last month.
Most malware security researchers encounter in the wild is written in C or C++. These languages provide low-level system access and control, plus performance, allowing threat actors to create highly efficient and stealthy code. But that doesn’t mean cybercriminals are limited to those two languages. SecurityScorecard recently reverse-engineered the Vjw0rm worm written in JavaScript and the Java-based STRRAT remote access trojan (RAT).
In the past five years, Enterprise Attack Surfaces (EAS) have evolved significantly. EAS refer to the various entry points that cybercriminals can exploit to gain unauthorized access to an organization's digital assets. With the increasing use of cloud-based services, the proliferation of connected devices and the growing reliance on third-party vendors, attack surfaces have become broader, more numerous and more complex.
