%term

Detecting and mitigating CVE-2021-4034: "Pwnkit" local privilege escalation

Jan 28, 2022 By Jason Avery In Sysdig

A new advisory from Qualys discloses a local privilege escalation bug in SUID-set program ‘pkexec’. The flaw has been designated the CVE ID of CVE-2021-4034 and nicknamed “pwnkit” by the vulnerability finders. The CVSSv3 base score is calculated to be a high 7.8 out of 10.0. The vulnerable program is a part of Polkit, which manages process privileges.

Read Post

Sysdig

Read more about Detecting and mitigating CVE-2021-4034: "Pwnkit" local privilege escalation

How to Scale Your Vendor Risk Management Program in 2022

Jan 28, 2022 By Edward Kost In UpGuard

As cybersecurity regulations continue to tighten their grip on vendor security, a greater weight of responsibility is expected to fall on Third-Party Risk Management Programs. So if you're currently struggling to keep up with your vendor security due diligence, your workflow congestion will only worsen if a scalable and streamline vendor risk management program isn't achieved.

Read Post

UpGuard

Read more about How to Scale Your Vendor Risk Management Program in 2022

Protecting Mobile Point of Sale and Financial Apps From Cyber Breaches

Jan 28, 2022 By Lookout In Lookout

Learn how the Lookout App Defense Solution is protecting leading mPOS providers, mobile banking, and finance/fintech apps from cyber threats.

View Video

Lookout

Read more about Protecting Mobile Point of Sale and Financial Apps From Cyber Breaches

RFDiscussion #3 - AWS IAM Join Tokens

Jan 28, 2022 By Teleport In Teleport

Deep dive into how Teleport uses a new IAM join method to makes it easier to enroll a fleet of servers into Teleport.

View Video

Teleport

Read more about RFDiscussion #3 - AWS IAM Join Tokens

How OpenBullet is used and abused by cybercriminals

Jan 28, 2022 By Yasmin Duggal In Netacea

OpenBullet is a testing suite of software allowing users to perform requests on a target web application. The open source tool can be found on GitHub and is used by businesses for various legitimate purposes including scraping and parsing data and automated penetration testing. Although designed to aid security professionals, in the wrong hands OpenBullet can be abused for the opposite purpose.

Read Post

Netacea

Read more about How OpenBullet is used and abused by cybercriminals

CMMC Town Hall With Matt Travis - CEO, CMMC-AB | 1/12/22 | NeoSystems

Jan 28, 2022 By NeoSystems In NeoSystems

NeoSystems CMMC Town Hall Series: Join NeoSystems’ Chief Information Security Officer, Ed Bassett, for our weekly CMMC Town Hall designed for the Defense Industrial Base and GovCon community. Each session features special guests and offers an opportunity for attendees to ask questions regarding CMMC and cybersecurity. Topics covered include CMMC compliance requirements, how to prepare for CMMC certification, and the latest updates from the CMMC AB.

View Video

NeoSystems

Read more about CMMC Town Hall With Matt Travis - CEO, CMMC-AB | 1/12/22 | NeoSystems

What a Modern Privileged Access Management (PAM) Solution for Cloud-Native Applications Looks Like

Jan 28, 2022 By Sakshyam Shah In Teleport

Privileged Access Management (PAM) is a go-to solution to prevent privilege misuse and insider threats, and limit malware propagation. After all, properly protecting and monitoring the keys to the kingdom is always a good practice. Privileged Access Management has been even more critical in recent times. With the advent of the cloud where infrastructure is provisioned with a single API call and authenticated with a single API key, the risk of someone misusing these credentials is far higher.

Read Post

Teleport

Read more about What a Modern Privileged Access Management (PAM) Solution for Cloud-Native Applications Looks Like

Data Privacy Day, Part 1: What you need to know about data privacy

Jan 27, 2022 By IT Security In ManageEngine

Data Privacy Day (known in Europe as Data Protection Day) is an international event aimed at raising awareness about data privacy and protection practices among businesses as well as internet users. In this blog series, we’ll attempt to do the same. This first blog post will shed light on data privacy as a whole, important data privacy laws, and some data collection practices that can help you adhere to these laws.

Read Post

ManageEngine

Read more about Data Privacy Day, Part 1: What you need to know about data privacy

Crossword Cybersecurity Supports British Educational Suppliers Association Members with Cyber Essentials Certification and Access to Rizikon Assurance

Jan 27, 2022 By Crossword Cybersecurity

Crossword Cybersecurity Plc is today announcing that its online software assurance platform, Rizikon, is being made freely available to the British Educational Suppliers Association ("BESA") as a single-use cyber security assessment to support them towards Cyber Essentials certification.

Read Post

Read more about Crossword Cybersecurity Supports British Educational Suppliers Association Members with Cyber Essentials Certification and Access to Rizikon Assurance

Elevate AWS threat detection with Stratus Red Team

Jan 27, 2022 By Christophe Tafani-Dereeper In Datadog

A core challenge for threat detection engineering is reproducing common attacker behavior. Several open source and commercial projects exist for traditional endpoint and on-premise security, but there is a clear need for a cloud-native tool built with cloud providers and infrastructure in mind. To meet this growing demand, we’re happy to announce Stratus Red Team, an open source project created to emulate common attack techniques directly in your cloud environment.

Read Post