cybersecurity
Firms need to disclose any cybersecurity incident they determine to be material and to describe the material aspects of the incident's nature, scope, and timing within four days.
"Institutions continue to report gaps in risk control areas considered fundamental to cyber hygiene, such as proper identity and access management, timely vulnerability patching or network security"
IBM is providing a custom "Asset, Configuration, Patching and Vulnerability” service with a special focus on vulnerability management.
You're probably exposed to rootkit risk, because vendors wanted their logos to show during boot processes -- everything's broken, howl into the abyss, why's this security advisory on a domain like https://9443417.fs1.hubspotusercontent-na1.net anyway?
Hackers gained access to an employee account and pivoted to staging environment, but did not move laterally, company says.
"When we see a vulnerability or intrusion campaign that could have been reasonably avoided if the software manufacturer had aligned to secure by design principles, we’ll call it out"
ownCloud claims 200,000 installations, 600 enterprise customers, and 200 million users with customers including the European Commission.
Hey criminals! Fire an HTTP GET request. Grab system memory including session cookies issued post-authentication. Don't worry about logs. Pillage and loot. Thanks, Citrix.
Incident comes weeks after the Application Performance Monitoring firm was taken private in a $6.5 billion buyout