Common Vulnerability Scoring System

MITRE, Red Balloon Security, and Narf Announce EMB3D™ – A Threat Model for Critical Infrastructure Embedded Devices

Retrieved on: 
Wednesday, December 13, 2023

Sophisticated cyber adversaries increasingly attempt to exploit these devices, as evidenced by a growing number of CISA ICS advisories identifying significant threats to many life- and safety-critical devices.

Key Points: 
  • Sophisticated cyber adversaries increasingly attempt to exploit these devices, as evidenced by a growing number of CISA ICS advisories identifying significant threats to many life- and safety-critical devices.
  • The EMB3D™ Threat Model, a collaborative effort by MITRE, Niyo Little Thunder Pearson (ONEGas, Inc.), Red Balloon Security, and Narf Industries, provides a common understanding of the threats posed to embedded devices and the security mechanisms required to mitigate them.
  • These threats are mapped to device properties to help users develop and tailor accurate threat models for specific embedded devices.
  • “Together, we are committed to enhancing the cyber posture of critical infrastructure sectors that rely on Operational Technology (OT) technologies.

PX5 Commits to Long-Term Value for ThreadX Developers with Spin-Off of RTOSX Subsidiary

Retrieved on: 
Tuesday, November 21, 2023

RTOSX will provide professional support, extended long-term maintenance, and engineering services to developers using the ThreadX embedded real-time operating system, and PX5 will remain the leading developer of the industry’s most advanced runtime solutions for deeply embedded applications.

Key Points: 
  • RTOSX will provide professional support, extended long-term maintenance, and engineering services to developers using the ThreadX embedded real-time operating system, and PX5 will remain the leading developer of the industry’s most advanced runtime solutions for deeply embedded applications.
  • Having decades of direct experience, RTOSX is uniquely positioned to help ThreadX developers and create the best of both worlds – free open-source software with professional support.
  • RTOSX offers fully ticketed professional support for ThreadX, including a Service Level Agreement (SLA) that typically results in same-day response and fast issue resolution.
  • This includes monitoring the ThreadX open-source community and proactively alerting developers if/when significant issues are reported, including Common Vulnerabilities and Exposures (CVE).

Malwarebytes Announces Free Vulnerability Assessment to Help IT Organizations Improve Security Posture Without Extra Costs

Retrieved on: 
Wednesday, December 6, 2023

SANTA CLARA, Calif., Dec. 6, 2023 /PRNewswire/ -- Malwarebytes, a global leader in real-time cyber protection, today announced its comprehensive vulnerability assessment module is now included in every ThreatDown bundle at no additional cost via its integrated console. Many IT organizations are struggling with rising cybersecurity costs associated with annual vendor price increases and the necessity of adding more tools to protect against an ever-increasing attack surface. Malwarebytes, with its portfolio of award-winning ThreatDown solutions, is taking a different approach, helping customers reduce threats, security complexity and costs by providing a free vulnerability assessment.

Key Points: 
  • Malwarebytes, with its portfolio of award-winning ThreatDown solutions, is taking a different approach, helping customers reduce threats, security complexity and costs by providing a free vulnerability assessment.
  • "Organizations need to prioritize prevention and strengthen their security posture, so they are less of an exploitable target," said Michael Suby, Research Vice President, Security & Trust, IDC.
  • Malwarebytes eliminates this conflict between security best practices and cost by pairing vulnerability assessment with its Security Advisor dashboard for free."
  • ThreatDown Vulnerability Assessment allows Malwarebytes customers to identify critical vulnerabilities and prioritize actions needed before open vulnerabilities can be exploited in a cyberattack.

75% of the Industrial Sector Experienced a Ransomware Attack in the Past Year, Claroty Study Finds

Retrieved on: 
Wednesday, December 6, 2023

NEW YORK, Dec. 6, 2023 /PRNewswire/ -- Claroty, the cyber-physical systems protection company, today released new research showing that 75% of respondents reported being targeted by ransomware in the past year. The report, "The Global State of Industrial Cybersecurity 2023: New Technologies, Persistent Threats, and Maturing Defenses," is based on a global independent survey of 1,100 information technology (IT) and operational technology (OT) security professionals who work in critical infrastructure sectors, exploring industry challenges faced in the past year, their impact on OT security programs, and priorities moving forward.

Key Points: 
  • The study shows that, when it comes to ransomware attacks, the impact on OT environments is catching up to the impact on IT environments.
  • In Claroty's previous survey conducted in 2021, 32% of ransomware attacks impacted IT only, while 27% impacted both IT and OT.
  • Today, 21% impact IT only, while 37% impact both IT and OT – a significant 10% jump for the latter in just two years.
  • This trend speaks to the expanding attack surface area and risk of operational disruption that comes with IT/OT convergence.

Morphisec Fortifies Capabilities with Next-gen Risk-Based Vulnerability Prioritization for Exposure Management

Retrieved on: 
Tuesday, November 28, 2023

BOSTON and BEER-SHEVA, Israel, Nov. 28, 2023 /PRNewswire-PRWeb/ -- Morphisec, the world's leading provider of prevention-first endpoint security software, today announced the launch of a risk-based vulnerability prioritization capability for exposure management.

Key Points: 
  • Morphisec's risk-based vulnerability prioritization capability prioritizes the vulnerabilities that pose the greatest risk, based on a unique risk profile.
  • Present vulnerability management practices are typically driven by the Common Vulnerability Scoring System (CVSS) to identify high severity vulnerabilities for patch prioritization and mitigation efforts.
  • In this reality, CVSS driven vulnerability management programs insufficiently align mapped CVEs to the organization's actual risk.
  • Vulnerability exploitation is a leading cause of breaches — without a risk-based approach to vulnerability management organizations face greater risk of advanced attacks like ransomware."

Apple IT and Security Experts Gather for the 14th Annual Jamf Nation User Conference to Hear the Latest in Security and Device Management

Retrieved on: 
Tuesday, September 19, 2023

AUSTIN, Texas, Sept. 19, 2023 (GLOBE NEWSWIRE) -- Today, Jamf (NASDAQ: JAMF), the standard in managing and securing Apple at work, kicked off its 14th annual Jamf Nation User Conference (JNUC) both virtually and in-person in Austin, Texas.

Key Points: 
  • AUSTIN, Texas, Sept. 19, 2023 (GLOBE NEWSWIRE) -- Today, Jamf (NASDAQ: JAMF), the standard in managing and securing Apple at work, kicked off its 14th annual Jamf Nation User Conference (JNUC) both virtually and in-person in Austin, Texas.
  • It’s bringing together management, identity and security required to be successful with Apple at Work.
  • Earlier this year, Jamf Pro added support for Rapid Security Response updates to provide admins with complete visibility and control over important security updates.
  • Jamf announced its new AI-powered support bot that will serve Jamf Nation, the largest community of Apple admins in the world.

Keysight and Synopsys Partner for IoT Device Cybersecurity

Retrieved on: 
Thursday, September 21, 2023

Keysight Technologies, Inc. (NYSE: KEYS) and Synopsys, Inc. are partnering to provide internet of things (IoT) device makers with a comprehensive cybersecurity assessment solution to ensure consumers are protected when devices are shipped to market.

Key Points: 
  • Keysight Technologies, Inc. (NYSE: KEYS) and Synopsys, Inc. are partnering to provide internet of things (IoT) device makers with a comprehensive cybersecurity assessment solution to ensure consumers are protected when devices are shipped to market.
  • Under the arrangement, the Synopsys Defensics® fuzzing tool will be embedded as an option into the Keysight IoT Security Assessment solution.
  • The global IoT device market is experiencing notable growth due to the rise in adoption of IoT devices and is projected to reach a market value of $413.7 billion by 2031.
  • According to Palo Alto Networks IoT Threat Report, the vulnerability of IoT devices makes them easy targets with 57% of IoT devices at risk of medium or high-severity attacks.

Arduino board with Foundries.io security technology is world's first SoM to offer out-of-the-box compliance with new EU security law

Retrieved on: 
Tuesday, September 12, 2023

The CRA specifies a minimum set of security features to be mandatory for all IoT devices marketed in Europe from 2025.

Key Points: 
  • The CRA specifies a minimum set of security features to be mandatory for all IoT devices marketed in Europe from 2025.
  • The legislation requires device OEMs to build in functionality to secure each device, its software and its connections.
  • Arduino has met the requirements of the EU's CRA by building the Linux microPlatform™ (LmP) and FoundriesFactory® DevOps product from Foundries.io into the Portenta X8 SoM.
  • The Portenta X8 offers the comprehensive suite of security functions provided by the Linux microPlatform and FoundriesFactory platform, including:

Trend Micro ZDI Surpasses 1000 Published Advisories in 1H 2023 In Continued Commitment to Coordinated Disclosure

Retrieved on: 
Wednesday, August 9, 2023

DALLAS, Aug. 9, 2023 /PRNewswire/ -- Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, announced at Black Hat USA 2023 that its Zero Day Initiative program has published advisories addressing over 1000 unique vulnerabilities in 2023. The real-world impact if these vulnerabilities were to be weaponized would amount to time and financial losses of over 10 times the cost of prevention.

Key Points: 
  • DALLAS, Aug. 9, 2023 /PRNewswire/ -- Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, announced at Black Hat USA 2023 that its Zero Day Initiative program has published advisories addressing over 1000 unique vulnerabilities in 2023.
  • "A concerning trend is being documented of companies lacking transparency around vulnerability disclosure vendor patching, which pose a threat to the security of the digital world."
  • Today, Trend is calling for an end to silent patching – the practice of slowing or diluting public disclosure and documentation of vulnerabilities and patches.
  • During a session at Black Hat USA 2023, Trend Research representatives revealed that silent patching has become particularly common among cloud providers.