Tenable

DECEMBER 12, 2021

Apache Log4j Flaw: A Fukushima Moment for the Cybersecurity Industry. Mon, 12/13/2021 - 00:55. The discovery of a critical flaw in the Apache Log4j software is nothing short of a Fukushima moment for the cybersecurity industry. Renaud Deraison.

Industry 111

Industry Open Source System Enterprise 111

Tenable

MAY 25, 2023

Background On May 24, several international agencies — including the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) in the U.S, Reports suggest that the group has been active since “at least 2021.” island territory of Guam.

Malware 52

Malware Windows Groups Internet 52

Cloudera

DECEMBER 13, 2021

On December 10th 2021, the Apache Software Foundation released version 2.15.0 of the Log4j Java logging library, fixing CVE-2021-44228 , a remote code execution vulnerability affecting Log4j 2.0-2.14. The situation is critical, and exploits and bypasses are beginning to propagate on the internet.

Software Review 125

Software Review Technical Review Open Source Technical Support 125

Tenable

JANUARY 19, 2024

Cybersecurity and Infrastructure Security (CISA) agency and the Federal Bureau of Investigation (FBI) said this week. To mitigate this risk, the agencies recommendations include: Using drones built with secure-by-design principles, such as those manufactured in the U.S. The upside?

Infrastructure 71

Infrastructure Malware Government Technical Review 71

Ivanti

APRIL 4, 2021

There is an additional Zero Day vulnerability being exploited in Internet Explorer and three publicly disclosed vulnerabilities to discuss this month. Please see the following for more information on the Microsoft Exchange Server Vulnerabilities: MSRC Blog. Exchange Team Blog. March 8 Exchange Team Blog.

Azure 82

Azure Windows Internet Advertising 82

Tenable

MARCH 17, 2023

Cybersecurity and Infrastructure Security Agency (CISA) is intensifying its efforts to help reduce ransomware attacks against critical infrastructure. For more information, check out CISA’s description of the RVWP program, as well as coverage from The Record , CyberScoop , GCN , SC Magazine and NextGov. billion in 2021 to $10.3

Infrastructure 52

Infrastructure Groups ChatGPT Generative AI 52

Tenable

JULY 14, 2021

On July 9, SolarWinds published a security advisory for a significant security vulnerability in its Serv-U Managed File Transfer Server software, used for secure file transfers and file sharing. CVE-2021-35211. CVE-2021-35211 is a memory escape vulnerability in SolarWinds Serv-U Managed File Transfer Server.

Software Review 98

Software Review Systems Review Groups Research 98

Tenable

SEPTEMBER 22, 2023

Department of Homeland Security in its “ Homeland Threat Assessment 2024 ” report. CISA launched the Known Exploited Vulnerabilities (KEV) catalog in November 2021, in order to highlight an important criteria to consider when prioritizing which bugs to fix first: whether a vulnerability has been exploited in the wild. So says the U.S.

Insurance 70

Insurance Trends IoT Software Review 70

Lacework

MAY 5, 2022

Cloud computing describes the practice of accessing software, databases, and resources via the Internet instead of on local (also known as ‘on-premises’) hardware. At this time, establishing server securing meant focusing on physical measures and preventing unauthorized individuals from accessing the hardware. What Is Cloud Security?

Cloud 98

Cloud Development Team Review Software Review Systems Review 98

Tenable

JULY 15, 2022

Topics that are top of mind for the week ending July 15 | Government cybersecurity efforts tripped by technical debt. Neglect SaaS security at your own risk. Lessons learned about critical infrastructure security. 1 – Don’t downplay SaaS security. Want to learn more about security best practices for SaaS deployments? “

Weak Development Team 53

Weak Development Team Government Infrastructure Architecture 53

Tenable

APRIL 13, 2021

Microsoft addresses 108 CVEs, including CVE-2021-28310 — which has reportedly been exploited in the wild — as well as four new remote code execution vulnerabilities in Microsoft Exchange. Microsoft patched 108 CVEs in the April 2021 Patch Tuesday release, including 19 CVEs rated as critical, 88 rated as important and 1 rated as moderate.

Windows 101

Windows Azure SMB Report 101

Tenable

JUNE 8, 2021

Microsoft patched 49 CVEs in its June 2021 Patch Tuesday release, including five CVEs rated as critical and 44 rated as important. Tenable's Security Response Team is aware that others may be counting CVE-2021-33741 as part of Patch Tuesday. CVE-2021-31955 | Windows Kernel Information Disclosure Vulnerability.

3D 92

3D Windows Research Trends 92

Tenable

SEPTEMBER 22, 2021

On September 21, VMware published a security advisory addressing 19 vulnerabilities in vCenter Server, its centralized management software for VMware vSphere systems. CVE-2021-22005. CVE-2021-21991. CVE-2021-21991. CVE-2021-22006. CVE-2021-22011. CVE-2021-22015. CVE-2021-22012. CVE-2021-22012.

Analytics 103

Analytics Authentication Research Windows 103

Tenable

MARCH 11, 2021

On March 10, F5 published a security advisory for several critical vulnerabilities in BIG-IP and BIG-IQ , a family of hardware and software solutions for application delivery and centralized device management. CVE-2021-22986. CVE-2021-22987. CVE-2021-22988. CVE-2021-22989. CVE-2021-22990. CVE-2021-22990.

Software Review 99

Software Review Systems Review Authentication Policies 99

Tenable

DECEMBER 2, 2022

Get the latest on Log4Shell’s global remediation status; the need for metaverse security rules; a shutdown of “pig butchering” domains; tips for secure IoT products; an informal poll about AD security; and more! . Cybersecurity and Infrastructure Security Agency (CISA). Log4j guidance from the U.S.

IoT 52

IoT Systems Review Guidelines Technical Review 52

Cloudera

DECEMBER 13, 2021

On December 10th 2021, the Apache Software Foundation released version 2.15.0 of the Log4j Java logging library, fixing CVE-2021-44228 , a remote code execution vulnerability affecting Log4j 2.0-2.14. The situation is critical, and exploits and bypasses are beginning to propagate on the internet.

Software Review 92

Software Review Technical Review Open Source Technical Support 92

Palo Alto Networks

SEPTEMBER 28, 2023

For example, threat actors are currently engaged in data theft in addition to ransomware in more than 70% of cases on average, compared to only about 40% of cases as of mid-2021. RDP misconfigurations make up 20% of all exposures we observe on the public-facing internet. Multi-extortion tactics continue to rise.

Technical Review 116

Technical Review Weak Development Team Internet Network 116

Tenable

SEPTEMBER 7, 2021

On August 25, Atlassian published a security advisory for a critical vulnerability in its Confluence Server and Data Center software. CVE-2021-26084. This blog post was published on September 7 and reflects VPR at that time. Thousands of Confluence Servers are vulnerable to CVE-2021-26084. Image Source: Censys Blog.

Data Center 101

Data Center Software Review Authentication Linux 101

RapidValue

FEBRUARY 18, 2021

As more businesses shift to Cloud Computing, it is important to keep oneself abreast of the trends that Cloud Computing is bound to witness in 2021. Read on to know more about the five biggest Cloud Computing trends that 2021 will bring forth. Increasing Need for Data Security. billion in 2021. The Growth of Multi-Cloud.

Trends 98

Trends Cloud Artificial Intelligence Artificial Inteligence 98

Palo Alto Networks

NOVEMBER 22, 2021

The Palo Alto Networks global ecosystem team is proud to announce our 2021 Partners of the Year. Their expertise and commitment to our mission act as a catalyst, helping Palo Alto Networks make each day safer and more secure than the one before. 2021 Global Partners of the Year Winners: Global NextWave Partner of the Year: CDW.

.Net 52

.Net Network AWS Cloud 52

Tenable

JULY 7, 2023

1 – McKinsey: Generative AI will empower developers, but mind the risks Generative AI tools like ChatGPT will supercharge software developers’ productivity, but organizations must be aware of and mitigate the AI technology’s security and compliance risks. Dive into six things that are top of mind for the week ending July 7.

ChatGPT 52

ChatGPT Generative AI Tools Software Review 52

Kaseya

DECEMBER 1, 2021

On Tuesday, December 14, 2021, Microsoft released its monthly set of software security patches. Hence, they pose a greater security risk since your vulnerable systems are exposed until a patch becomes available. The December 2021 Security Update Release Notes can be found here. All About Patch Tuesday.

Windows 52

Windows Azure Video Malware 52

Tenable

JULY 14, 2022

The FBI’s Internet Crime Complaint Center (IC3) highlighted in its 2021 Internet Crime Report that 649 complaints of ransomware attacks were received from organizations in the critical infrastructure sector, a 7% increase over the prior year. However, the effects of security incidents on the supply chain can be overwhelming.

Infrastructure 52

Infrastructure Transportation Internet System 52

Tenable

OCTOBER 16, 2023

Background On October 16, Cisco’s Talos published a blog post warning of a zero-day vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software that has been exploited in the wild by unknown threat actors. CVE-2021-1435 is a command injection vulnerability affecting the Web UI of Cisco IOS XE software.

Software Review 109

Software Review Systems Review Authentication Transportation 109

TechCrunch

JUNE 27, 2021

Infina launched its app in January 2021. But according to the Vietnams Securities Depository , about 500,000 trading accounts were opened during the first five months of 2021, a 20% increase from all of 2020. The company notes that only about 3.2% of people in Vietnam have invested in stocks.

Real Estate 298

Real Estate Retail Internet Fintech 298

CIO

MARCH 20, 2023

By Serge Lucio, Vice President and General Manager, Agile Operations Division This is a continuation of Broadcom’s blog series: 2023 Tech Trends That Transform IT. Stay tuned for future blogs that dive into the technology behind these trends from more of Broadcom’s industry-leading experts.

Network 264

Network WAN Data Center Metrics 264

Palo Alto Networks

JANUARY 28, 2022

The UK Government has once again shifted the cyber discourse with the recent publication of the National Cyber Strategy 2022 , marking a significant change in how the government views cybersecurity and solidifying its position as a global cyber power. Building Resilience and Securing the Digital Ecosystem. A Whole of Society Approach.

Security 84

Security Strategy Telecommunications Government 84

Tenable

FEBRUARY 24, 2022

The tactical information shared in this blog is designed to help you prepare your digital response to these rapidly unfolding events. National Cyber Security Centre and Australia Cyber Security Centre have released advisories on this subject as well. Pulse Connect Secure Arbitrary File Read. CVE-2021-26855.

Government 145

Government Malware Groups Telecommunications 145

Palo Alto Networks

AUGUST 13, 2021

Share your cybersecurity experience with Palo Alto Networks users, customers, partners and employees from all around the world at Ignite ‘21! This year’s Ignite user conference will be available in the comfort of your own home on November 16-19, 2021. Data Center Security. Network Perimeter Internet Edge Security.

Technical Review 71

Technical Review Firewall WAN Malware 71

Tenable

SEPTEMBER 7, 2023

AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state threat actors. The vulnerability is caused by the use of an outdated version of Apache Santuario, an XML security software library.

Firewall 63

Firewall Software Review Technical Review Systems Review 63

Palo Alto Networks

JUNE 21, 2023

To most people, cybersecurity breaches seem like a distant threat. In fact, total losses resulting from internet cybercrime grew approximately 50% from 2021 to 2022 — jumping from $6.9 reported crime complaints decreased 5%, according to the 2022 FBI Internet Crime Report. billion — while the total U.S. While the U.S.

Education 48

Education Government Internet Network 48

Tenable

AUGUST 3, 2023

AA23-215A: 2022's Top Routinely Exploited Vulnerabilities A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022 Background On August 3, a joint Cybersecurity Advisory (CSA) AA23-215A coauthored by multiple U.S.

Authentication 52

Authentication Data Center Software Review Windows 52

TechTalk

FEBRUARY 10, 2021

After a many-months hiatus, we’re back with the monthly summary of security updates released by Microsoft for its array of consumer and enterprise products. The world has changed since my last post on this topic almost a year ago, but if anything, computers and the Internet have become even more important parts of our lives. […].

Internet 45

Internet Enterprise 45

Tenable

DECEMBER 8, 2022

A recent SANS Institute report finds that DevSecOps teams are improving their tooling, processes and techniques, but their organizations’ increasingly hybrid and multi-cloud IT environments are getting harder to secure. Integrated automatic security testing. in 2021 to 18.4% We also provide insights on how Tenable can help.

Survey 98

Survey Cloud Software Review Serverless 98

Xicom

NOVEMBER 19, 2020

Over the past few years, the discussions about the next year’s digital revolutions have been a call to repetition: Augmented Reality, Internet of Things, Edge Compute, Cloud technologies and the list goes on. What does this hold for 2021? Among them : 5G, AI, some like CDP (Customer Data Platforms) and cybersecurity may surprise you.

Mobile 98

Mobile Weak Development Team Development Blockchain 98

Palo Alto Networks

APRIL 19, 2022

Seasoned security professionals know that while zero-days get the headlines, the real problems always come from the dozens of small decisions every day inside of an organization. Even lower-skilled attackers can put together a scanning infrastructure to perform a rough scan of the internet to uncover assets ripe for compromise.

Report 97

Report Weak Development Team Internet Storage 97

David Walsh

MARCH 23, 2021

Malware has been a problem for decades, one that was exacerbated by the the rise of the internet, file sharing, and digital assets. And if you’re an employer with remote employees, you’ll want to ensure their computers are secured. Image_Advanced security. So what are the risk vectors? Created with Sketch.

Malware 104

Malware Weak Development Team Small Business Case Study 104