Compliance and Data Security:Do They Ever Meet?In my years working with technology and security data in the information security industry, I've heard numerous people confuse the word "compliance" with "security". We've all heard the stories in the news about an organization or company that was supposedly compliant with a particular ISO or NIST program imposed on them, only to find that later on...

This article was originally published on U.S. Chamber of Commerce on April 08, 2019.If you could create your own fantasy Board of Directors, who would be on it? CO— connects you with thought leaders from across the business spectrum and asks them to help solve your biggest business challenges. In this edition, a CO— reader asks how to improve a business’s cybersecurity when expert help isn’t...

Although phishing attacks can occur against individuals, we will primarily focus on attacks against organizations in this post. We will use the term organization to represent governments, educational and healthcare institutions, and commercial businesses, but we will draw distinctions in the “bounty” sought after in each industry. So, let’s get started…What is Phishing?There are lot of “nice” or ...

A vulnerability has been identified in SoftNAS Cloud(R) data storage platform discovered by our Vulnerability Research Team (VRT). The engineers at SoftNAS are to be commended for their prompt response to the identified flaw and their team’s work with VRT to provide prompt fixes for this cyber security issue.SoftNAS has provided a patch for the vulnerability identified on the application. The...

Learn about a recent example of the damage insider attacks can cause, and how your organization can prevent them.

Find out the type of cyber threats that endanger organizations (and their ratings), and how they can protect themselves.

Exploiting CVE-2018-19864- Samuel S., Senior Vulnerability ResearcherDuring an audit of NUUO’s NVRmini2, a stack overflow vulnerability was discovered in a request handling function in the ‘lite_mv’ custom SIP service binary. The NUUO NVRmini2 runs a custom SIP service on TCP ports 5160 and 5150 via a binary at /NUUO/bin/lite_mv. In order to examine this bug more closely, we analyze the function...

How much security is really necessary to protect yourself? Read on for tips on how to best protect your organization and avoid becoming a headline.

NUUO Zero-Day BlogA vulnerability identified in NUUO NVRmini2 Network Video Recorder devices discovered by our Vulnerability Research Team (VRT). We commend NUUO for their prompt response to the identified flaws and their engineering team’s work with VRT to provide fixes for these cyber security issues.NUUO has provided a patch for the vulnerability identified on the application. The patched...

Read on to learn about the different types of cloud environments, and the biggest security obstacle each presents.

We are disclosing four previously undisclosed vulnerabilities within the Arcserve Unified Data Protection platform. The vulnerabilities can open the door for potential compromise of sensitive data through access to credentials, phishing attacks and the ability for a hacker to read files without authentication from the hosting system.________________________________________TitleDDI-VRT-2018-18 -...

Upgrade Your Network ScannerFree scanners are great – up to a point. That point is when your network reaches a critical size, your assets have acquired a critical value or your company, industry (or Uncle Sam) has set new compliance requirements that those freebee tools just can’t handle.Running multiple network scanning tools is a painEveryone has a half dozen network scanners sitting around and...

Port scanning tools – just the first step to network securityYour port scanning tools are nice, but...When your network reaches a critical size, your assets have acquired a critical value or when new compliance standards hit, your port scanning tools may have reached their limit. It’s the job of vulnerability assessment and management tools to combine port scanning with the investigation of...

Get the answers to some of the hottest capacity management questions.

IP scanning for growing or distributed networksYour IP Scanner more problem than help?When your network reaches a critical size, your assets have acquired a critical value or you have new compliance requirements - your freebee IP scanner just can't handle it. beSECURE (now part of Fortra Vulnerability Management) can. It your best step up into the corporate vulnerability assessment and management...

The three crumbling pillars of network securityWhy is network security getting harder?Access control, firewall and Intrusion Prevention Systems are failing to keep attackers from reaching vulnerable systems and network administrators have added as many layers beyond those as possible to no avail. This is a problem because successful attacks are often done with these solutions in place and being...