Organizations often have their confidential information illicitly for sale on the darknets, but they don’t know it. Statistically, over 75% of compromised credentials are reported to the victim organization by law enforcement when it has become too late. That’s why dark web monitoring tools providers are the appropriate solution to help you know on time when your credentials are stolen and exposed on the dark web.
The Cybersecurity Maturity Model Certification (CMMC) is a well-known framework for assessing the maturity of an organization’s cybersecurity. It’s designed to help organizations improve their cybersecurity by raising awareness about best practices and implementing a roadmap.
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we will explore the concept of the metaverse and what it holds for the future of technology and user experience. Illustration by Dorathe Victor When Facebook changed its name to Meta in September 2021, a new buzzword took over the tech world: the metaverse.
On January 25, 2022, Qualys announced the discovery of a local privilege escalation vulnerability that it identified as PwnKit. The PwnKit vulnerability affects PolicyKit’s pkexec, a SUID-root program installed by default on many Linux distributions. The same day of the announcement, a proof of concept (PoC) exploit was built and published by the security research community.
Nowadays you need a scorecard to keep track of the monthly acquisitions and mergers in the cybersecurity industry. Mergers and acquisition (M&A) of products, capabilities, and companies has become a common strategy for business and market growth. Even through the Covid19 pandemic, trends in acquisition and consolidation of information security oriented companies remained quite strong. In fact, the volume of U.S.
Disruptive and destructive cyber operations have been levied against elements of Ukrainian society by adversaries attributed to the Russian government — or groups highly likely to be controlled by them — since at least 2014. These operations have impacted several sectors, including energy, transportation and state finance, and have attempted to influence political processes and affect businesses more broadly within the country.
A new advisory from Qualys discloses a local privilege escalation bug in SUID-set program ‘pkexec’. The flaw has been designated the CVE ID of CVE-2021-4034 and nicknamed “pwnkit” by the vulnerability finders. The CVSSv3 base score is calculated to be a high 7.8 out of 10.0. The vulnerable program is a part of Polkit, which manages process privileges.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Last week’s attack on Crypto.com did in fact lead to lost currency….
As Data Privacy Day once again rolls around, we can look back at some healthy improvements when it comes to privacy that organizations made over the previous 12 months. We can also use this yearly reminder on such an important topic to look forward to the coming year to pinpoint where additional changes are needed.
