
3/24/2021
09:20 AM
Dark Reading
Products and Releases

CyberRatings.org Announces Non-Profit Status

AUSTIN, Texas – March 23, 2021 – CyberRatings.org, established in December 2020, has launched a non-profit entity to offer the widest range of independent, evidence-based services to its members and the cybersecurity community at large.

Peter Armstrong, the Senior Cyber Subject Matter Expert at Munich Re Group, is joining the CyberRatings.org Board of Directors. Armstrong’s expertise is in cyber risk management and quantification of cyber risk exposure for large organizations. He is a thought leader in developing responses to cyber risk capital issues facing the very largest industrial enterprises, the enterprise risk management challenges they face and the necessary insurance responses. He is a Fellow of the United Kingdom’s Institute of Directors.

Armstrong operated in the Defense, Intelligence and Security Sector leading cyber defense activities with a focus on industrial control systems and operational technology in Energy (including Nuclear), Utilities, Transportation, Primary Industries and manufacturing (notably Aviation, Automotive, Capital Projects and High Tech).

“As the pace of technology adoption increases, particularly cloud and edge technologies, it’s critical for enterprises to select appropriate cyber defense technologies and be confident that those technologies are fit for purpose. This will require broad-based, independent, evidence-based testing of the capabilities of those technologies because not all vendors’ claims withstand scrutiny. I’m delighted to be part of the establishment of CyberRatings.org as the non-profit provider of independent testing and ratings of these important cyber technologies,” said Armstrong. “The cyber threat train is leaving the station: effectiveness visibility delivered through testing and ratings will help make sure we’re not left queueing at the ticket office.”

“We are delighted to have Peter’s insights and expertise,” said Vikram Phatak, Chairman and CEO. “His cyber risk management expertise is key to helping us build impactful, scalable programs.”

As the global economy emerges from the pandemic, digital transformation is accelerating with the breadth of the cyber threat landscape growing fast. The reliance on cyber defense technology vendors has never been greater. “Unfortunately, not all technologies are created equal. A ratings system serves as a universal translator to help consumers understand their options,” adds Phatak.

Also joining the Board are Cathy Main, President; and Carma Austin, Executive Vice President. Main has 30 years of experience in executive management and strategic business development. Her last position was at NSS Labs as Vice President of Marketing and Corporate Relations. Austin has over 25 years of technology industry experience in developing go-to-market strategies for both enterprise and channel sales organizations. She was most recently at IBM serving as Worldwide Leader Security Intelligence SaaS, and prior, served as Vice President of Sales for NSS Labs.


Registered as a 501(c)6, CyberRatings.org programs will initially focus on becoming a center of excellence for cybersecurity in three areas: a) security product testing, b) self-assessment programs, and c) how-to guides. The laboratory testing environment and subsequent ratings publications are the first step, with ratings programs underway since the organization’s inception.


Going forward, CyberRatings intends to provide members with methodologies, procedures and tools to do their own testing. These self-assessment tools will help people to better understand their organization’s risk by identifying how a product is performing in the field and uncovering problems that might otherwise go undetected.


CyberRatings has already published Product Ratings on Enterprise Firewall + SSL/TLS and Software Defined Wide Area Networks (SD-WAN) in the past three months.
  

###    

About CyberRatings.org
CyberRatings.org is dedicated to quantifying cyber risk and providing transparency on cybersecurity product efficacy through testing and ratings programs. To become a member, visit www.cyberratings.org.

 
