Security Awareness

May 27, 2020 Kenna Security Offers Vulnerability Management Options: Kenna.VM & Kenna.VI

Kenna Security deployed their new data driven vulnerability management program, Kenna.VM and accessory program, Kenna.VI. Released on April 28th, Kenna.VM was created with the purpose to set service-level agreements (SLAs) with risk tolerance in mind.

May 11, 2020 Rapid7 Penetration Tests Show That Businesses Are Getting Better at Network Security

We often hear that businesses are continually cyber insecure or under attack. However, recent penetration testing from Rapid7 shows that businesses are getting better at securing their networks against cyberattacks. While organizations continue to have exploitable weaknesses, attackers are having greater difficulty penetrating deeper into businesses’ networks.

April 30, 2020 IBM Zero-Day Vulnerabilities Leave Enterprises Open to Remote Execution Attacks

Four zero-day vulnerabilities were discovered in IBM’s Data Risk Manager. While the vulnerabilities are concerning, more so is IBM’s response when addressed. The company simply stated, “It’s out of scope.” – meaning it had no intention to rectify or address the issue.

April 30, 2020 Will New IoT Security Frameworks Push Compliance Obligations to the Forefront of Security Discussions?

The Internet of Things is increasingly embedded with our daily lives. While these devices make life more accessible, for every new device, a new attack vector for cyberattackers is created.

April 23, 2020 Qualys VMDR Is Now Live: Increasing Security Threats Requires Strong Vulnerability Management Software

Qualys VMDR has hit the live market. Originally unveiled in February 2020 at Qualys Security Conference, VMDR is now publicly available as of April 16, 2020. Partnering with both large and small MSSPs, VMDR is designed to be scalable to any business enterprise and to automate the entire management cycle on all endpoints.

March 17, 2020 Windows 7 End-of-Life Troubles Continue: ESUs Don’t Apply to Enterprises That Purchased Licences

Microsoft’s end-of-life support for Windows 7 has run into its first set of issues with its extended security updates (ESUs). Administrators who paid for the ESU found out their downloads are not applying.

March 17, 2020 Qualys Unveils Its New Vulnerability Management, Detection, and Response Matrix

Qualys’ newest product, VMDR (Vulnerability Management, Detection, and Response), will be available in March and will provide an all-in-one cloud-based solution for vulnerability management. VMDR will automate the entire management cycle on all endpoints.

March 16, 2020 Microsoft Unveils Tamper Support for Windows 10 Defender Advanced Threat Protection

Microsoft has added its Windows 10 Tamper Protection controls to the public version of Microsoft Defender. Previously available only to enterprise users, Tamper Protection is intended to better detect threats that make it past other defences and to provide remediation suggestions.

March 11, 2020 Qualys Discovers Critical Flaw With OpenBSD Mail Server, Multiple Programs Vulnerable

Qualys Research Labs, a vulnerability management provider, discovered a vulnerability in the OpenSMTPD Mail server used in conjunction with the OpenBSD operating system. This flaw allows for an attacker to execute arbitrary code with command privileges.

March 03, 2020 United Nations Faces Cyber-Espionage; Failure to Patch Causes Breach

A leaked UN report showed that servers were compromised during a cyberattack that exploited an older version of Microsoft SharePoint. This breach is a case study in the importance of both patch management and transparency.

February 24, 2020 Microsoft Troubles Continue; Zero-Day Vulnerability Places Windows Users at Risk

Reported by Microsoft on January 17, the company admitted to another vulnerability in the older versions of its Windows products. A vulnerability in the remote code execution (RCE) was found in the scripting engine of Internet Explorer (IE).

February 24, 2020 Windows 7 Reaches End of Life; Are You About to Pay the Price?

Last fall, Microsoft announced that it would be ending support for Windows 7 on January 14, 2020.

February 04, 2020 Citrix Systems Remain Vulnerable Despite Patching Attempts

A Citrix vulnerability first discovered on December 17, 2019 is being continually exploited by ransomware attackers despite patching attempts by Citrix.

February 04, 2020 Project Zero Extends Its Vulnerability Disclosure Agreement to 90 Days, Changes to Follow

Project Zero is changing its vulnerability disclosure policy to give software developers more time to patch vulnerabilities. The policy is now shifted to a stringent 90-day policy.

January 30, 2020 Bishop Fox Discovers Eight Vulnerabilities in ConnectWise: Patching a Managed Service Provider

Cybersecurity firm Bishop Fox identified eight vulnerabilities in ConnectWise’s remote control and remote access software.

January 30, 2020 Tenable Chosen as the Successor for BeyondTrust’s Vulnerability Management Suite; BeyondTrust Steps Aside

Announced on December 31, 2019, BeyondTrust named Tenable as the successor to its Vulnerability Management suite.

January 30, 2020 Department of Defense Seeks Improved Patch Management Tech: Why You Should Care

On January 15, 2020, the Department of Defense (DoD) issued an open call to vendors to fulfill a contract to help improve their technology and inventory management.

January 28, 2020 Windows 10 Security Flaw Discovered; Millions of Devices at Risk

On January 14, Microsoft issued a statement acknowledging a crucial security flaw within its Windows 10 operating systems: a failure in the Windows 10 CryptoAPI service that affects both Windows 10 and Windows Server Update systems.

December 19, 2019 Cisco Suffers Security Flaw With Zoom Interoperability

Cisco is beginning to lose patience with its Zoom interoperability after another Zoom security risk: access for the Zoom Connector for Cisco hosted on zoom.us did not require authentication, allowing external users to join a Zoom meeting without password credentials.

November 05, 2019 KnowBe4 Completes the FedRAMP Authorization Process

On October 30, 2019, KnowBe4, a leader in the end-user security training space, was awarded Federal Risk and Authorization Management Program (FedRAMP) approval from the US federal government.

October 03, 2019 National Cyber Security Alliance Names Habitu8 As Their Official Security Awareness Video Training Partner

For 2019’s National Cybersecurity Awareness Month (NCSAM), the National Cyber Security Alliance (NCSA) has named the security awareness and training vendor Habitu8 its official partner.