The U.S. Department of Justice has revised its policy on who it charges with violations under the Computer Fraud and Abuse Act. The DOJ now specifies that good-faith security research and researchers cannot be charged under the CFAA because they help improve cybersecurity standards.
An emergency directive from the U.S. Cybersecurity and Infrastructure Security Agency advises all federal agencies in the country to immediately patch and address two vulnerabilities - one with a critical CVSS score and the other with a high score - that affect at least five VMware products.
The Five Eyes intelligence alliance has released a set of the 15 most routinely exploited vulnerabilities in the past year. Nine of the 15 vulnerabilities allow remote code execution, and the rest include privilege escalation, security bypass and path traversal, among other flaws.
Join this webinar to learn how Tanium can help you achieve and maintain a comprehensive view of risk across your environment as well as the tools necessary to manage that risk in real-time and at scale. In today’s distributed environment where new threat vectors and vulnerabilities emerge daily, it’s no longer...
As a security leader, you know that the way to align your vulnerability management program to support the business is to mitigate the vulnerabilities that have the biggest business impact. But that’s easier said than done. How do you discover and rate each vulnerability? How do you remediate them without disrupting...
Industrial organizations dealt with significant challenges in 2021. Cyberattacks on the Oldsmar, Florida water facility, Colonial Pipeline, and JBS, as well as the SolarWinds supply chain attack, propelled industrial cybersecurity to the national and global stage. Millions of people have woken up to the staggering...
New Cobalt CEO Chris Manton-Jones plans to push upmarket and go after enterprise customers and leverage automation and self-service to accelerate product growth. He replaces founder Jacob Hansen, who had served as CEO since Cobalt's inception in 2013 and will remain with the firm as a board member.
Claroty’s Biannual ICS Risk & Vulnerability Report offers a comprehensive look at industrial control system (ICS) vulnerabilities publicly disclosed during the second half of 2021, including those found by Team82 and those found by affected vendors, independent security researchers, and experts inside other...
Antiquated legacy penetration testing methods fail to catch all the critical vulnerabilities that exist within a company’s environment, which puts organizations at risk. Security teams are moving away from traditional pentesting methods to more innovative and continuous solutions. Learn more about the challenges and...
Penetration testing isn’t a new security technique; it’s been around for years. However, many businesses aren’t utilizing this key security test. Organizations may not fully understand the level of risk assessment, the ROI, or what to expect from penetration testing.
This guide from Digital Defense, by...
Sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers signed up with bug bounty platforms, which can no longer legally make payments. A researcher in Belarus says he's locked out from accessing $25,179 in his HackerOne account.
In their Security Operations Primer, Gartner has recently identified Attack Surface Management as one of the top security trends and priorities for 2022. In this webinar you will learn how to address this problem by combining ASM, Vulnerability Management and Threat Intelligence into a single solution.
Join us...
Regulators should require all medical device makers to include a baseline of certain cybersecurity protections in their products and to build in a feature that allows safe vulnerability scanning of their devices, says researcher Daniel Bardenstein, a strategist at CISA.
In a U.S. Senate hearing on Tuesday, the Apache Software Foundation and leaders from Cisco, Palo Alto Networks and The Atlantic Council discussed open-source software security, urging both government and private sector entities to recognize the breadth of the free-to-use software and adversaries' willingness to...
Britain's National Cyber Security Center has launched a trial vulnerability management project called Scanning Made Easy, designed to empower small and midsize organizations to identify if critical software flaws are present in their IT infrastructure, so they can be targeted for remediation.