The constantly evolving cyber risk landscape presents a formidable challenge to organizations, as businesses transform, scopes and boundaries shift, and bad actors develop new tactics and techniques to exploit vulnerabilities and compromise systems.
With the rate of risk velocity increasing faster than the resources of most risk-focused teams, collaboration and working together smarter is one of the only ways to keep up. Creating solid partnerships, embracing transparency, and developing consistent strategies for mitigating cyber risk is essential to navigating this complex landscape.
Read more…
Source: Auditboard
Related:
- Cisco Releases Security Advisory for Webex App
April 17, 2025
Cisco has released a security advisory to address a high severity vulnerability affecting Webex App, regardless of configuration or operating system. Cisco Webex is a web conferencing software solution. CVE-2025-20236 is an ‘insufficient input validation’ vulnerability with a CVSSv3 score of 8.8. If exploited, a remote, unauthenticated attacker could achieve remote code execution (RCE) by persuading ...
- Apple says zero-day bugs exploited against ‘specific targeted individuals’ using iOS
April 16, 2025
Apple has released new software updates across its product line to fix two security vulnerabilities, which the company said may have been actively used to hack customers running its mobile software, iOS. In security advisories posted on its website, Apple confirmed it fixed the two zero-day vulnerabilities, which “may have been exploited in an extremely sophisticated ...
- ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains
April 15, 2025
In this blog entry, Trend Micro researchers look at overly permissive cloud service credentials in Microsoft’s public-facing assets and assess their potential implications on software supply chain and software integrity. We do this by exploring two scenarios involving PC Manager, a tool designed to help optimize and manage Windows computers. PC Manager includes features for cleaning ...
- Fortinet Releases Security Updates for FortiOS and FortiGate
April 11, 2025
Fortinet has released security updates for FortiOS to mitigate novel post-exploitation activity observed against FortiGate devices. The disclosure details a new persistence technique used by an attacker, in conjunction with known vulnerabilities, to maintain read-only access to FortiGate devices through the use of symbolic links even after the initial access vector has been remediated. Fortinet has ...
- Patch Tuesday – April 2025
April 9, 2025
Microsoft is addressing 121 vulnerabilities this April 2025 Patch Tuesday, which is more than twice as many as last month. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, which is already reflected in CISA KEV. Once again, Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them ...
- Google fixes two actively exploited zero-day vulnerabilities in Android
April 8, 2025
Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published. The term reflects the amount of time that a vulnerable organization ...