While most organizations have a cyber resilience program in place, more than half of them lack a comprehensive approach to assessing resilience, according to a study by Immersive Labs.
The study aimed at understanding business preparedness amidst growing incidents found a strong intent to strengthen cybersecurity capabilities driven by external threats.
“Rules of engagement for cyberthreat actors are constantly innovating to cause catastrophic and unavoidable situations,” said Michael Sampson, analyst at Osterman Research and author of the survey whitepaper. “Hence while cyber resilience is a hope for most organizations, the practices of building, testing, and improving cyber resilience are still immature at most organizations.”
Cloud networking solutions provider Aviatrix has launched a distributed cloud firewall offering in a bid to strengthen network security for application traffic on multicloud environments.
The offering is targeted at distributing both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls or other network security services.
“Aviatrix is the first to deliver a distributed cloud firewall,” said Rod Stuhlmuller, vice president of solutions marketing at Aviatrix. “Customers are no longer constrained by last-generation firewall architectures in the cloud. This changes the game and allows enterprises to both reduce cloud infrastructure costs and improve security immediately across all their public cloud environments.”
Russian national, Mikhail Pavlovich Matveev, has been charged and indicted for launching ransomware attacks against thousands of victims in the country and across the world, the US Department of Justice (DoJ) said in a press release.
The Department of State has also announced an award of up to $10 million for information that leads to the arrest and/or conviction of the Russian national.
“According to the indictment obtained in the District of New Jersey, from at least as early as 2020, Mikhail Pavlovich Matveev, aka Wazawaka, aka m1x, aka Boriselcin, aka Uhodiransomwar, allegedly participated in conspiracies to deploy three ransomware variants,” DOJ said in a statement.
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984.
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208.
It was discovered that runC incorrectly made /sys/fs/cgroup
writable when in rootless mode. An attacker could possibly
use this issue to escalate privileges. (CVE-2023-25809)
It was discovered that runC incorrectly performed access control when
mounting /proc to non-directories. An attacker could possibly use
this issue to escalate privileges. (CVE-2023-27561)
It was discovered that runC incorrectly handled /proc and
/sys mounts inside a container. An attacker could possibly
use this issue to bypass AppArmor, and potentially SELinux.
(CVE-2023-28642)
It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2023-28755)
It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possily use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 ESM. (CVE-2023-28756)
