Apple fixes critical iOS bug for the second time: iPhone users need to patch the patch

Trusted Reviews | August 28, 2019

Apple has released a second fix for an iOS vulnerability that could be used by hackers to install malicious code on iPhones and iPads. The second fix is available now as part of Apple’s latest iOS 12.4.1 update. The flaw was spotted back in March by Ned Williamson from Google’s Project Zero team. Google Project Zero is a security initiative designed to find security flaws in popular technologies. It gives companies a set amount of time to fix newly discovered flaws before publishing its research. Apple initially fixed the flaw as part of its iOS 12.3 update, but reports then broke the unc0ver jailbreak tool could successfully exploit it on iOS 12.4 appeared late last week. Apple doesn’t comment on security issues, but the appearance of a second fix for the vulnerability suggests the toolkit’s claim may be accurate. If so that would mean Apple unintentionally may have accidentally reopened the vulnerability after fixing it.

Spotlight

Information Security is a general term used to describe the measures an organization takes to protect the confidentiality, integrity and availability (CIA) of sensitive or confidential information. Information security awareness training is an essential element of any organization’s information security program. Its purpose is to equip staff with the knowledge necessary to help protect the organization’s assets, including client and personnel information. However, some information security awareness training programs barely provide the necessary information to be considered an effective means of ensuring employees understand not only how to protect the organization’s information but why it is important to protect that information.

Spotlight

Information Security is a general term used to describe the measures an organization takes to protect the confidentiality, integrity and availability (CIA) of sensitive or confidential information. Information security awareness training is an essential element of any organization’s information security program. Its purpose is to equip staff with the knowledge necessary to help protect the organization’s assets, including client and personnel information. However, some information security awareness training programs barely provide the necessary information to be considered an effective means of ensuring employees understand not only how to protect the organization’s information but why it is important to protect that information.

Related News

NETWORK THREAT DETECTION

JMP Securities Recognizes Contrast Security as an Elite 80 Cybersecurity Company

Contrast Security | June 20, 2022

Contrast Security announced that it has been recognized for the fourth year to the JMP Securities Elite 80, a list of the hottest, most fascinating, most strategically positioned privately-owned cybersecurity and IT infrastructure firms. The eighth annual JMP Securities Elite 80 study includes not just technological industry leaders but also the future giants of the cybersecurity and IT infrastructure industries. Contrast was recognized as an Elite 80 company for its Contrast Secure Code Platform, accelerating innovation speed. It moves secure code across the application development pipeline and constantly safeguards applications throughout the entire software lifecycle. As a result, Contrast is relied upon by many of the world's foremost corporate and public companies to secure their apps in development and extend protection to the cloud and on-premises applications in production. "Being named a JMP Elite 80 company for the fourth consecutive year is validation that our technology is very unique and in high demand. Our platform provides actionable findings that developers can use to find code vulnerabilities, remediate them quickly and then ship business critical software that is safe from ongoing cyber attacks." Alan Naumann, Chief Executive Officer at Contrast Security The JMP Elite 80 report states, "One clear data point validating our thesis that now is the time for new vendors to emerge is the funding environment, as venture capital and private equity investors dramatically stepped up their investing in 2021. More specifically, the companies in our Elite 80 report raised almost $7 billion in 2021, whereas the Elite 80 raised $3 billion in 2020, which was the prior record. Those vendors that are astute enough to recognize the opportunity at hand and that can capitalize on differentiated technologies not only position themselves to survive the pandemic but are in position to become dominant market leaders." It is time to cease distributing software with significant security flaws. The Contrast Protect Code Platform provides 10x quicker scan times, 3x more accurate results, and 45x faster defect resolution, enabling developers to secure their code as they write it.

Read More

SOFTWARE SECURITY

BlueVoyant Recognized as the 2022 Microsoft U.S. Security Partner of the Year Winner

BlueVoyant | July 05, 2022

BlueVoyant, a rock-solid cyber defense platform company converging internal and external security, today announced it has won the 2022 Microsoft Security U.S. (MSUS) Partner of the Year award. The Microsoft Partner of the Year Awards recognize Microsoft partners who have developed and delivered outstanding Microsoft-based applications, services, and devices during the past year. The MSUS Partner Awards were created to supplement Microsoft's Partner of the Year program, both of which recognize outstanding work by Microsoft partners. The MSUS awards highlight US-specific partner impact. "BlueVoyant and Microsoft both recognize that cybersecurity is a team sport. "BlueVoyant has developed enablement technologies and scalable services to help customers maximize their Microsoft Security investments — bringing together the very best of both companies to drive the outcomes our customers demand. We are honored that Microsoft named BlueVoyant its prestigious U.S. Security Partner of the Year, among other recent accolades. We look forward to continuing to work closely with Microsoft to deliver the very best in cybersecurity to our joint customers." Milan Patel, global head of managed security services (MSS) at BlueVoyant The MSUS Partner of the Year Award recognizes BlueVoyant's commitment and trust that stands behind the company's cloud-native and outcomes-based platform, BlueVoyant Elements™. The platform helps companies across a variety of industries improve their cyber defense posture. Elements not only continuously monitors for problems, but also takes action against any vulnerabilities, risks, or threats, usually in a matter of minutes. The platform is based on three key pillars that help give clients the advantage over attackers — technology, telemetry, and talent. BlueVoyant has more than 700 customers, and 650 employees across five continents, with a proven track record of sustained high growth. The U.S. Security Partner of the Year award is the latest in a long list of accolades BlueVoyant has won from Microsoft. In 2021, BlueVoyant was named a Microsoft Security 20/20 Partner Awards Winner for Top MDR (Managed Detection and Response) Team. BlueVoyant was a 2022 finalist in the Microsoft Security Excellence Awards for Security MSSP (Managed Security Service Provider) of the Year. In addition, the company is a finalist for the Microsoft Canada 2022 Impact Awards in two categories — Healthcare Impact Award and Security Impact Award. BlueVoyant was also named as one of Microsoft's top 150 managed security partners. In May, BlueVoyant announced that the company was a key design partner for Microsoft's three new security services, including Microsoft Security Experts for hunting, a proactive threat hunting expert service; Microsoft Security Experts for XDR, a new hunting service that extends beyond endpoint hunting; and Microsoft Enterprise Security Services for customers looking for more tailored, hands-on help with security posture management, modernization and proactive hunting. About BlueVoyant BlueVoyant converges internal and external cyber defense capabilities into an outcomes-based, cloud-native platform called BlueVoyant Elements™. Elements continuously monitors your network, endpoints, attack surface, and supply chain as well as the open, deep, and dark web for vulnerabilities, risks, and threats; and takes action to protect your business, leveraging both machine learning-driven automation and human-led expertise. Elements can be deployed as independent solutions or together as a full-spectrum cyber defense platform. BlueVoyant's approach to cyber defense revolves around three key pillars — technology, telemetry, and talent — that deliver rock-solid cyber defense capabilities to more than 700 customers across the globe.

Read More

DATA SECURITY

Imperva Extends its Data Security Fabric to Include Enterprise Data Lakes Built on AWS

Imperva | July 27, 2022

Imperva, Inc., a comprehensive digital security leader, announces that its award-winning Imperva Data Security Fabric (DSF) now provides data-centric protection and compliance for enterprise data lakes built on Amazon Web Services (AWS). Imperva reinforces its commitment to securing data and all paths to it by allowing AWS customers to secure their data with one comprehensive platform, leveraging a unified security model across Amazon Aurora, Amazon Redshift, Amazon Relational Database Service (Amazon RDS), Amazon DynamoDB, Amazon Athena, and AWS CloudFormation without requiring any changes to their existing data infrastructure. Many security teams have gaps in their resources and domain expertise required to ensure their data lake meets organizational compliance and security policies. In particular, organizations must be able to simultaneously identify when a compromised user accesses sensitive data, while also preventing data from being stolen by malicious insiders. These gaps can mean that organizations must choose between limiting the data they store in a data lake, and putting themselves at risk of non-compliance, or in the worst-case scenario, a data breach. Many security teams have gaps in their resources and domain expertise required to ensure their data lake meets organizational compliance and security policies. In particular, organizations must be able to simultaneously identify when a compromised user accesses sensitive data, while also preventing data from being stolen by malicious insiders. These gaps can mean that organizations must choose between limiting the data they store in a data lake, and putting themselves at risk of non-compliance, or in the worst-case scenario, a data breach. Imperva DSF includes User Entity Behavior Analytics (UEBA) models that can identify suspicious data access patterns, such as excessive access to sensitive records, the use of privileged service accounts by interactive users, and suspicious network connections. This helps organizations automatically identify and detect potential data breaches without the need for specialized data security analysts. Finally, with Imperva DSF, security operations teams can create playbooks to automatically mitigate threats using native AWS features like security groups or revoking user access using AWS IAM. This ensures organizations stay in compliance while also helping to prevent data breaches. Comprehensive Data Security From one holistic dashboard, Imperva DSF delivers a broad range of data security capabilities – including data discovery, classification, monitoring, access control, risk analytics, compliance management, security automation, threat detection, and audit reporting. This makes it easier for customers to protect the migration of sensitive data, including Personally Identifiable Information (PII) like customer names, email addresses, phone numbers, and gender, and adhere to privacy regulations, such as the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI-DSS), and the Health Insurance Portability and Accountability Act (HIPAA). Tens of thousands of organizations build data lakes on AWS and configure AWS Lake Formation, AWS Identity and Access Management (IAM), and Amazon Simple Storage Service (Amazon S3) policies to secure access to them. Imperva DSF leverages services like AWS Lake Formation and AWS Glue to discover data lakes, monitor how users query and access stored data, and detect and prevent malicious user access and data leakage incidents. Imperva DSF also safeguards critical data workloads across all of their databases, file repositories, data warehouses, multicloud, and data lake environments. Imperva Data Security Fabric can be deployed directly in any AWS Regions using pre-built AWS CloudFormation templates. Once deployed, Imperva DSF will begin discovering and monitoring data lakes. More than 400 pre-defined vulnerability assessment tests are available for cloud databases on AWS. Also, Imperva DSF takes the complexity out of deciding which baselines to establish by including policies based on Center for Internet Security (CIS) and Defense Information System Agency’s (DISA) Security Technical Implementation Guide (STIG) benchmarks that are adapted for the cloud. "AWS allows organizations to quickly and securely build solutions that help them to reach new markets and deliver new services to end users,” says Dan Neault, SVP and GM, Data Security, Imperva. “Imperva Data Security Fabric gives organizations building data lakes on AWS a streamlined experience for securing data, and confidence that their data lakes are in compliance.” About Imperva DSF on AWS The support of data lakes is the latest milestone in Imperva’s work with AWS. Imperva is an AWS Partner with the AWS Security Independent Software Vendor (ISV) Competency and Amazon RDS Ready Product validation. Imperva also participates in AWS Marketplace and AWS ISV Accelerate Program. About Imperva Imperva is the cybersecurity leader whose mission is to help organizations protect their data and all paths to it. Customers around the world trust Imperva to protect their applications, data and websites from cyber attacks. With an integrated approach combining edge, application security and data security, Imperva protects companies through all stages of their digital journey. Imperva Research Labs and our global intelligence community enable Imperva to stay ahead of the threat landscape and seamlessly integrate the latest security, privacy and compliance expertise into our solutions.

Read More