Vulnerability Remediation Tracking
Vulnerability remediation tracking is one of the important components of cyber security practices. In this blog post, we gathered all the necessary information you must have in regards to this topic.
Vulnerability remediation tracking is one of the important components of cyber security practices. In this blog post, we gathered all the necessary information you must have in regards to this topic.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Amazing, if not scary selection of news items this week. However, I’m going to pick out three curious and on the face of it ones that would otherwise fly past without interest. The first, and its a subject that really interests me: How do the scammers succeed at social engineering so frequently? Perhaps we can learn a little bit more from this one.
Magecart attackers have been collecting sensitive information from thousands of online stores after compromising top eCommerce platform and payment service provider Volusion. Since September 7, hackers have activated online credit card skimmers on 3,126 online shops hosted by Volusion. That's according to Trend Micro security researchers' latest report.
Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed information security vulnerabilities and exposures. CVE was launched in 1999 by the MITRE corporation to identify and categorize vulnerabilities in software and firmware. CVE provides a free dictionary for organizations to improve their cyber security. MITRE is a nonprofit that operates federally funded research and development centers in the United States.
The cutting edge of cybersecurity is moving away from a reactive defense. Instead of analysts waiting for a threat to happen, they are proactively searching out attackers in their environment. Attackers are dynamic. They are always changing and improving their capabilities, which means that defenders need to lean in and adapt even faster to keep up. Proactive defense is about predicting, understanding, and preventing as many moves as possible that an attacker could make against you.
Email spoofing is the creation of emails with a forged sender address. Because core email protocols lack authentication, phishing attacks and spam emails can spoof the email header to mislead the recipient about the sender of the email. The goal of email spoofing is to get recipients to open, respond and engage with the email message. Email spoofing can greatly increase the effectiveness of phishing and other email-based cyber attacks by tricking the recipient into trusting the email and its sender.
Alien Labs and the Open Threat Exchange (OTX) development team have been hard at work, continuing our development of the OTX platform. As some of you may have noticed, we’ve added some exciting new features and capabilities this last year to improve understanding within the OTX community of evolving and emerging threats.