Annual Flexera Vulnerability Review Shows 81 Percent of All Vulnerabilities Had Available Patches, Yet Common Software Programmes Remain Unpatched Maidenhead, U.K. Flexera Software, the leading provider of Software Vulnerability Management solutions for application producers and enterprises, today released Vulnerability Review 2017, the annual report from Secunia Research at Flexera Software, which presents global data on the prevalence of vulnerabilities and the availability of patches, maps the security vulnerability threat to IT infrastructures, and explores vulnerabilities in the 50 most popular applications on private PCs. Vulnerabilities are a root cause of security issues – errors in software that can work as an entry point…
ISBuzz Team
In today’s world, not being able to see potential threats to applications is fatal for business where data is king. As the digital economy grows, business intelligence relies on three crucial areas: visibility, context and control. Did you ever see such a thing in your life? Today, there is no rhyme or reason why companies should not focus on implementing robust application security solutions to protect customer data. With rapidly increasing encrypted traffic, being able to visualise potential threats is vital to avoid both exfiltration of data and infiltration of malware. A Gartner report published in 2016 stated that only…
Study reveals most organizations take additional precautions to secure IIoT London, UK. Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of a study conducted in partnership with Dimensional Research. The study looked at the rise of Industrial Internet of Things (IIoT) deployment in organizations, and to what extent it is expected to cause security problems in 2017. IIoT are the connected devices in critical infrastructure segments such as energy, utilities, government, healthcare and finance. Tripwire’s study revealed that: Ninety-six percent of those surveyed expect to see an increase in security…
Personal data of thousands of NHS staff members in Wales was breached from the servers of third-party contractor Landauer last October. The breached data includes Welsh NHS employee names, dates of birth, radiation dosage and National Insurance numbers; more details can be found here. IT security experts from RSA, Verizon and ViaSat Europe commented below. Rashmi Knowles, CISSP Chief Security Architect EMEA at RSA: “The Welsh NHS must consider itself very lucky that the EU GDPR is not yet in play. Otherwise it would be facing a colossal fine, and rightly so. The breach itself is not even the biggest issue. The most disappointing part is the…
Dahua, the world’s second-largest maker of “Internet of Things” devices like security cameras and digital video recorders (DVRs), has shipped a software update that closes a gaping security hole in a broad swath of its products. The vulnerability allows anyone to bypass the login process for these devices and gain remote, direct control over vulnerable systems. Travis Smith, Senior Security Research Engineer at Tripwire commented below. Travis Smith, Senior Security Research Engineer at Tripwire: “Building security into a product is a process which takes time and money. For device manufacturers, the primary drivers are time to market and keeping the cost low. This…
Security researchers have discovered an open source code vulnerability (CVE-2017-5638) in Apache Struts 2 (report). The software is used widely by software developers in the financial services industry to build Java web applications. The vulnerability is being used in cyber attacks right now. Users are advised to urgently update Struts, which Apache patched earlier this week. Mike Pittenger, Head of Security Strategy at Black Duck Software, which helps organisations to manage and secure their open source, commented below. Mike Pittenger, Head of Security Strategy at Black Duck Software: “Obviously, zero day vulnerabilities are a problem, in particular when an exploit is…
More than 20,000 utility employees said a low percentage of major security projects were being implemented, indicating utilities seemingly have a false belief that a Ukraine-like security breach can’t happen in the US. Tim Erlin, Sr. Director, Product Management at Tripwire commented below. Tim Erlin, Sr. Director, Product Management at Tripwire: “There’s a clear and present cybersecurity risk for utilities in North America. The industry has made significant progress in understanding and mitigating risk through the NERC Critical Infrastructure Protection standard, but the threat landscape continues to evolve. Security and compliance are related, but not the same. The defensive tools and techniques need to…
If you are reading this, you already know what GDPR is and why it is so important that your organisation is compliant. Like most working on compliance in their organisation, I have attended various GDPR events. Clearly, there is huge interest in this subject and it is interesting to see the various ways in which the topic of GDPR can be used to encourage attendees to events – even when there is a tenuous link at best. At the most recent of one of these events that I attended, the audience was asked how prepared they were for GDPR –…
WikiLeaks released a trove of documents this week alleging that CIA agents undertake major efforts to circumvent user encryption, resorting to highly targeted attacks involving physical work-arounds. IT security experts from Rubicon Labs, CipherCloud and Pushfor commented below. Rod Schultz, VP of Product at Rubicon Labs: “Encryption has never been stronger, the algorithms we have today are mathematically sound and incredibly secure. But the real problem is key management, and that is where the system is attacked. The power of an encryption algorithm is only unlocked once you have a key, but that key is the linchpin to everything. Find the…
When one compares cyber security today to what it was ten years ago, the two are almost unidentifiable as the same industry. The iPhone had only just launched; Facebook was still in its infancy; the Internet of Things (IoT) was still a dream. The routes a hacker could use to access a system were limited, and because of this, cyber security was built around walls. One was encouraged to block attacks with firewalls and other perimeter security that could be plugged into existing systems. There was no wider strategy, with little thought given to what would happen if those walls…
