Some industries are more vulnerable to cyber threats hence facing a high risk of experiencing data breaches or other types of cyber attacks in the future.

44% of CISOs surveyed reported they were unable to detect a data breach over the past 12 months using existing security tools, according to Gigamon. 70% of CISOs stated their existing security tools are not as effective as they could be when detecting breaches due to limited visibility.

Twenty five years after the launch of CVE, the Tenable Security Response Team has handpicked 25 vulnerabilities that stand out for their significance.

Background

In January 1999, David E. Mann and Steven M. Christey published the paper “Towards a Common Enumeration of Vulnerabilities” describing an effort to create interoperability between multiple vulnerability databases. To achieve a common taxonomy for vulnerabilities and exposures, they proposed Common Vulnerabilities and Exposures (CVE). In September 1999, the MITRE Corporation finalized the first CVE list, which included 321 records. CVE was revealed to the world the following month.

As of October 2024, there are over 240,000 CVEs. including many that have significantly impacted consumers, businesses and governments. The Tenable Security Response Team has chosen to highlight the following 25 significant vulnerabilities, followed by links to product coverage for Tenable customers to utilize.

25 Significant CVEs

CVE-1999-0211: SunOS Arbitrary Read/Write Vulnerability

CVE-2010-2568: Windows Shell Remote Code Execution Vulnerability

CVE-2014-0160: OpenSSL Information Disclosure Vulnerability

CVE-2014-6271: GNU Bash Shellshock Remote Code Execution Vulnerability

CVE-2015-5119: Adobe Flash Player Use After Free

CVE-2017-11882: Microsoft Office Equation Editor Remote Code Execution Vulnerability

CVE-2017-0144: Windows SMB Remote Code Execution Vulnerability

CVE-2017-5638: Apache Struts 2 Jakarta Multipart Parser Remote Code Execution Vulnerability

CVE-2019-0708: Remote Desktop Services Remote Code Execution Vulnerability

CVE-2020-0796: Windows SMBv3 Client/Server Remote Code Execution Vulnerability

CVE-2019-19781: Citrix ADC and Gateway Remote Code Execution Vulnerability

CVE-2019-10149: Exim Remote Command Execution Vulnerability

CVE-2020-1472: Netlogon Elevation of Privilege Vulnerability

CVE-2017-5753: CPU Speculative Execution Bounds Check Bypass Vulnerability

CVE-2017-5754: CPU Speculative Execution Rogue Data Cache Load Vulnerability

CVE-2021-36942: Windows LSA Spoofing Vulnerability

CVE-2022-30190: Microsoft Windows Support Diagnostic Tool Remote Code Execution

CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability

CVE-2021-26855: Microsoft Exchange Server Server-Side Request Forgery Vulnerability

CVE-2021-34527: Microsoft Windows Print Spooler Remote Code Execution Vulnerability

CVE-2021-27101: Accellion File Transfer Appliance (FTA) SQL Injection Vulnerability

CVE-2023-34362: Progress Software MOVEit Transfer SQL Injection Vulnerability

CVE-2023-4966: Citrix NetScaler and ADC Gateway Sensitive Information Disclosure Vulnerability

CVE-2023-2868: Barracuda Email Security Gateway (ESG) Remote Command Injection Vulnerability

CVE-2024-3094: XZ Utils Embedded Malicious Code Vulnerability

Identifying affected systems

A list of Tenable plugins for these vulnerabilities can be found on the individual CVE pages:

• CVE-1999-0211
• CVE-2010-2568
• CVE-2014-0160
• CVE-2014-6271
• CVE-2015-5119
• CVE-2017-11882
• CVE-2017-0144
• CVE-2017-5638
• CVE-2019-0708
• CVE-2020-0796
• CVE-2019-19781
• CVE-2019-10149
• CVE-2020-1472
• CVE-2017-5753
• CVE-2017-5754
• CVE-2021-36942
• CVE-2022-30190
• CVE-2021-44228
• CVE-2021-26855
• CVE-2021-34527
• CVE-2021-27101
• CVE-2023-34362
• CVE-2023-4966
• CVE-2023-2868
• CVE-2024-3094

As organizations create and store more data in the cloud, security teams must ensure the data is protected from cyberthreats. Learn more about what causes data breaches and about the best practices you can adopt to secure data stored in the cloud.

With the explosion of data being generated and stored in the cloud, hackers are creating new and innovative attack techniques to gain access to cloud environments and steal data. A review of recent major data breaches shows us that data thieves are using social engineering, hunting for exposed credentials, looking for unpatched vulnerabilities and misconfigurations and employing other sophisticated techniques to breach cloud environments.

A look at recent cloud data-breach trends

Here are some takeaways from major data breaches that have occurred this year:

• Managing the risk from your third-parties – partners, service providers, vendors – has always been critical. It’s even more so when these trusted organizations have access to your cloud environment and cloud data. You must make sure that your third-parties are using proper cloud-security protections to safeguard their access to your cloud data and to your cloud environment.
• Secure your identities. We’ve seen major data breaches this year tracked down to simple missteps like failing to protect highly-privileged admin accounts and services with multi-factor authentication (MFA). 
• Adopt best practices to prevent ransomware attacks, and to mitigate them if you get hit by one. Ransomware gangs know that a surefire way to pressure victims into paying ransoms is to hijack their systems and threaten to expose their sensitive data. 

So, how can you strengthen your data security posture against these types of attacks?

1. Implement a "zero trust" security framework that requires all users, whether inside or outside the organization, to be authenticated, authorized and continuously validated before being granted or maintaining access to data. This framework should allow only time-limited access and be based on the principle of least privilege, which limits access and usage to the minimum amount of data required to perform the job.
2. Use a cloud data security posture management (DSPM) solution to enforce the security framework through continuous monitoring, automation, prioritization and visibility. DSPM solutions can help organizations identify and prioritize data security risks based on their severity, allowing them to focus their resources on the most critical issues.
3. Regularly conduct risk assessments to detect and remediate security risks before they can be exploited by hackers. This can help prevent data breaches and minimize the impact of any security incidents that do occur.
4. Train employees on security best practices, including how to create strong passwords, how to identify risks and how to report suspicious activity.

By following these recommendations, organizations can significantly reduce their risk of a data breach and improve handling sensitive data belonging to their organization. As more and more data moves to the cloud and hackers become more sophisticated, it's essential to prioritize security and take proactive measures to protect against data risks. 

Learn more

• Webinar: Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?
• Data Sheet: Data Security Posture Management (DSPM) Integrated into Tenable Cloud Security
• Data Sheet: Securing AI Resources and Data in the Cloud with Tenable Cloud Security
• Infographic: When CNAPP Met DSPM
• Video: Demo Video: Data Security Posture Management and AI Security Posture Management

The company must invest $15.75m to strengthen its cybersecurity and pay a penalty of $15.75m to the US Treasury.

Read more: T-mobile reaches $31.5m settlement with FCC over cybersecurity breaches

More than half of all breaches occurred in the Department of Social Protection, data revealed.

Read more: Human error the leading cause of Government data breaches

India's retail inflation rose to 6.21 percent in October. This is a significant increase from September's 5.49 percent. Food prices are the main reason for this surge. This is the first time since August that inflation has gone beyond the Reserve Bank of India's 6 percent limit. The rise in onion prices is a major concern.

More than 37,500 Delaware agents, policyholders, beneficiaries impacted Following the receipt of additional data breach reports from insurers, including those related to the breach of the MOVEit file transfer services system used by third-party vendors, the Delaware Department of Insurance is updating this consumer alert and will be updating the online posting as information is […]

This year’s average global temperature is almost certain to exceed 1.5°C above pre-industrial times – a milestone that should spur urgent action, say climate scientists

This year’s average global temperature is almost certain to exceed 1.5°C above pre-industrial times – a milestone that should spur urgent action, say climate scientists

Bad news for LinkedIn in Europe, where the Microsoft-owned social network has been reprimanded and fined €310 million for privacy violations related to its tracking ads business. The administrative penalties, which are worth around $335 million at current exchange rates, have been issued by Ireland’s Data Protection Commission (DPC) under the European Union’s General Data […]

© 2024 TechCrunch. All rights reserved. For personal use only.

At least a dozen stations recorded an Air Quality Index (AQI) of over 350, falling in the 'very poor' air category.

Some of the areas worst affected by air pollution included Wazirpur (AQI at 421), Jahangirpuri (419) and Anand Vihar (403), where the air quality dropped to 'severe' levels.

The consumer price index-based inflation was 4.87 per cent in October 2023.

We have notified you in an earlier e-briefing of additional powers being granted to the Information Commissioner's Office (ICO) to take enforcement action against breaches of the Data Protection Act (DPA). A new power to is...

Almost 500 possible breaches of level-3 rules have been reported to police this weekend, as many Kiwis prepare for what they hope will be a move to level 2 this week.People flocked to beach suburbs and took waterfront walks in cities...

Canada hit by COVID cheque fraud; Webex, Teams under attack, more COVID email scams and three big data breaches Welcome to Cyber Security Today. It’s Friday May 8th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To hear the podcast click on the arrow below: It didn’t take long for cybercriminals to take advantage…

Dylan Nacass, 23, managed to escape with minor lacerations after a shark latched onto his leg while surfing at Bell's Beach in Torquay, Victoria on Friday afternoon.

Dylan Nacass, 23, managed to escape with minor lacerations after a shark latched onto his leg while surfing at Bell's Beach in Torquay, Victoria on Friday afternoon.

Labor Department reported the USunemployment rate rose to 14.7 percentlast month, up from 3.5 percentin February

Three aides working for US President Donald Trump, vice-president Mike Pence, and first daughter Ivanka Trump have tested positive for the novel coronavirus this week. This has brought the pandemic to within a degree of the center of power in the US.

Coronavirus breaches White House as rest of America re-opens

White House economic adviser Kevin Hassett said the unemployment rate was likely to climb to around 20% this month

All startups have one thing in common when it comes to cybersecurity: they all are at some level of risk of a costly data breach. Startup business owners may not even be aware of certain vulnerabilities including ransomware, phishing, data… Read More

The post Cybersecurity for Startups: A 5 Step Plan for Preventing Costly Data Breaches appeared first on Anders CPAs.

The health care industry is one of the biggest targets for cybersecurity attacks. In 2018 alone, nearly 300 data breaches affected 11.5 million patients, according to a Bitglass report. Cybercriminals see health care organizations as the perfect victim due to… Read More

The post Data Breaches in Hospitals are on the Rise – How Health Care Organizations Can Prevent Cybersecurity Attacks appeared first on Anders CPAs.

Former Queensland shadow police minister Trevor Watts says it was a mistake to have "driveway drinks" with neighbours — caught by a police patrol — with officers alleging it was more like a "street party" that did not follow coronavirus physical distancing rules.

As Tasmania lures more tourists with its wilderness charms, there are fears the method of holding tour operators accountable for licence breaches in precious wilderness areas is not up to the task.

The Fair Work Ombudsman releases a report revealing widespread breaches of workplace laws by Caltex franchisees.

Canberra's youth detention centre issues an apology and an undisclosed financial settlement after an Indigenous teenager filed a lawsuit alleging her human rights had been violated when she was separated from her peers and her belongings for two months.

A resident who was unable to access an emergency escape route during a fire was found standing on a windowsill hanging from guttering and had to be rescued by firefighters

(To watch the full press briefing with sign language interpretation, click here.)

Chief Executive Carrie Lam today said law enforcement agencies are investigating cases where police officers are suspected of breaching property rules and will give a full account to society.

Speaking to reporters before the Executive Council meeting this morning, Mrs Lam said nobody is above the law.

“The law will be applied in the same manner regardless of the status, the background, the political affiliation of that particular person.

“As far as I am concerned, as the Chief Executive of Hong Kong and also as an individual, no law-breaking behaviour is acceptable. But it is not for me to stand here to judge each and every case because every case or every complaint has to be investigated and analysed by the law enforcement agencies.

“I am sure that they will do it as diligently as possible and will give a full account to society, especially given the recent concerns.”

It’s been around for thousands of years; the UN General Assembly named an international year for it in 2013; and now it has been sent into space. Quinoa is a superfood in more ways than one. It is a good source of protein, the highest of all the whole grains; and its edible seeds provide all of the essential amino acids the body [...]

NordVPN and TorGuard VPN have suffered security breaches. Here's what happened and what it means for you (and our VPN reviews).

In Himachal around 90,000 persons returned home from other states on passes issued by state government in the past one week and another 20,000 plus are waiting to enter the state.

The Department of Health and Human Services' Office for Civil Rights provided a report to Congress on health information breaches from September 2009 through 2010, as required under the HITECH Act. Nearly 7.9 million Americans were affected by almost 30,800 health information breaches, according to the report.

The Department of Health and Human Services' Office for Civil Rights provided a report to Congress on health information breaches from September 2009 through 2010, as required under the HITECH Act. Nearly 7.9 million Americans were affected by almost 30,800 health information breaches, according to the report.

The Department of Health and Human Services' Office for Civil Rights provided a report to Congress on health information breaches from September 2009 through 2010, as required under the HITECH Act. Nearly 7.9 million Americans were affected by almost 30,800 health information breaches, according to the report.

WASHINGTON: Three aides working for US President , vice-president , and first daughter have tested positive for the novel this week. This has brought the pandemic to within a degree of the center of power in the US and made the White House an unexpected emerging hotspot even as large parts of America is now re-opening for business to very light footfall. All three principals and their spouses are reported to have tested negative for the virus. The White House has now updated its protocol to include daily tests for everyone entering the complex, though Trump himself is skeptical of the process and has disdained masking and social distancing guidelines outlined by his own administration. The...

The U.S. government reported more catastrophic economic fallout from the coronavirus crisis on Friday as the pandemic pierced the very walls of the White House and California gave the green light for its factories to restart after a seven-week lockdown.