Tenable

MAY 27, 2021

The Department of Homeland Security has issued key guidance for oil and gas operations in the wake of recent cyberthreats. The DHS- TSA 2021-1 Pipeline Directive. On May 28, 2021, the U.S. It represents an important inflection point in securing critical infrastructure environments that might otherwise be at risk.

Security 98

Security Guidelines Infrastructure Systems Review 98

Tenable

JANUARY 20, 2023

Plus, NIST mulls major makeover of its Cybersecurity Framework. Also, the struggle to develop secure apps is real. Then check out how Uncle Sam plans to use AI and ML to boost cybersecurity. Almost 70% of organizations' SDLCs are missing critical security processes. Learn all about the spike in CISO job satisfaction.

Software Review 62

Software Review Artificial Inteligence SDLC Technical Review 62

Tenable

JUNE 23, 2023

Also, review concrete guidance on cloud system administration and on designing cloud apps with privacy by default. That’s why a recent IANS Research blog post about building an incident response process for ransomware caught our eye. Learn all about the DOJ’s reward for CL0P ransomware leads. And much more!

Cloud 53

Cloud Systems Review Data Disaster Recovery 53

Tenable

NOVEMBER 4, 2022

Get the latest on salary trends for CISOs and cybersecurity pros; CISA’s call for adopting phishing-resistant MFA; the White House’s ransomware summit; and more! and Canada improved this year compared with 2021 as employers paid up to retain their cybersecurity chiefs amidst a shortage of qualified candidates for these jobs.

Trends 102

Trends Authentication Recruiting Banking 102

Tenable

SEPTEMBER 2, 2022

Securing machine learning systems. Shifting security left – meaning, starting security checks earlier in the software development process – has been widely hailed. Most companies expect developers to do security code reviews, but many don’t provide them with security training. And much more!

Security 52

Security Software Review Artificial Inteligence Technical Review 52

Xebia

FEBRUARY 19, 2021

We all know that the hardening of a system or implementing 2FA does not magically improves the security of an organisation. Also for the successful improvement of security in your organisation, a holistic approach is needed. Implementing and improving security demands your approach to cover both people, process and technology.

Agile 130

Agile Culture Technical Review Systems Review 130

Tenable

FEBRUARY 9, 2021

Despite addressing only 56 CVEs, Microsoft’s February 2021 Patch Tuesday release contains fixes for a number of significant security threats, as well as an elevation of privilege vulnerability disclosed by Tenable’s Zero Day Research team. CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 | Windows TCP/IP Vulnerabilities.

Windows 101

Windows Software Review Systems Review Technical Review 101

Tenable

JANUARY 19, 2024

Cybersecurity and Infrastructure Security (CISA) agency and the Federal Bureau of Investigation (FBI) said this week. To mitigate this risk, the agencies recommendations include: Using drones built with secure-by-design principles, such as those manufactured in the U.S. The upside?

Infrastructure 71

Infrastructure Malware Government Technical Review 71

Cloudera

DECEMBER 13, 2021

On December 10th 2021, the Apache Software Foundation released version 2.15.0 of the Log4j Java logging library, fixing CVE-2021-44228 , a remote code execution vulnerability affecting Log4j 2.0-2.14. We encourage customers to review the details in our TSB and apply workarounds immediately.

Software Review 125

Software Review Technical Review Open Source Technical Support 125

Tenable

JULY 14, 2021

Following a patch for a zero-day vulnerability in SolarWinds’ Serv-U Managed File Transfer, researchers share new details about the attacks, as over 8,000 systems remain publicly accessible and potentially vulnerable. CVE-2021-35211. CVE-2021-35211 is a memory escape vulnerability in SolarWinds Serv-U Managed File Transfer Server.

Software Review 98

Software Review Systems Review Groups Research 98

Tenable

OCTOBER 4, 2023

In 2021, the U.S. Infrastructure Investment and Jobs Act created the State and Local Cybersecurity Grant Program (SLCGP) to help state, local, tribal and territorial (SLTT) governments address an ever-evolving cybersecurity threat landscape. Objective 3: Implement security protections commensurate with risk.

Programming 63

Programming Meeting How To Government 63

Palo Alto Networks

JANUARY 14, 2022

I think we can all breathe a sigh of relief that we made it to the end of 2021. From a cybersecurity perspective, this year was a doozy. Unfortunately, the risk of cyberattack is constantly changing due to ongoing business transformations, so there doesn’t appear to be any slowdown on the near horizon.

Systems Review 82

Systems Review Technical Review Sustainability Strategic Planning 82

Tenable

MARCH 11, 2021

On March 10, F5 published a security advisory for several critical vulnerabilities in BIG-IP and BIG-IQ , a family of hardware and software solutions for application delivery and centralized device management. CVE-2021-22986. CVE-2021-22987. CVE-2021-22988. CVE-2021-22989. CVE-2021-22990. CVE-2021-22990.

Software Review 99

Software Review Systems Review Authentication Policies 99

Tenable

AUGUST 5, 2021

On August 4, Cisco released several security advisories , including an advisory for two vulnerabilities in a subset of its line of Small Business VPN Routers. CVE Description CVSSv3 CVE-2021-1609 Web Management Remote Code Execution and Denial of Service Vulnerability 9.8 CVE-2021-1610 Web Management Command Injection Vulnerability 7.2

Small Business 145

Small Business Software Review WAN Wireless 145

Tenable

FEBRUARY 3, 2023

Also, check out our ad-hoc poll on cloud security. issues framework for secure AI Concerned that makers and users of artificial intelligence (AI) systems – as well as society at large – lack guidance about the risks and dangers associated with these products, the U.S. And much more! 1 - Amid ChatGPT furor, U.S.

ChatGPT 52

ChatGPT Artificial Intelligence Artificial Inteligence Technical Review 52

Tenable

SEPTEMBER 16, 2022

Several global cybersecurity agencies publish a joint advisory detailing efforts by Iranian-government sponsored threat actors exploiting vulnerabilities to enable ransomware attacks. On September 14, the Cybersecurity and Infrastructure Security Agency along with the National Security Agency, U.S. CVE-2021-44228.

Systems Review 52

Systems Review Software Review Report Authentication 52

Lacework

MAY 5, 2022

Cloud computing’s first boom began in the 1960s when virtualization — a strategy for dividing system resources between multiple applications — and time-sharing were made popular by vendors like IBM. These eras of cloud computing brought about a massive increase in security breaches and the intensification of criminalization of hackers.

Cloud 98

Cloud Development Team Review Software Review Systems Review 98

Tenable

JANUARY 19, 2022

A review of the year in vulnerabilities and breaches, with insights to help guide cybersecurity strategy in 2022 and beyond. “We We all know that the best way to improve is by debriefing, especially when it comes to reviewing security events and vulnerabilities. What’s inside the 2021 Threat Landscape Retrospective.

Systems Review 52

Systems Review Report Windows Metrics 52

Tenable

JULY 7, 2021

CVE-2021-34527. This blog post was published on July 7 and reflects VPR at that time. Microsoft originally released its advisory for CVE-2021-34527 on July 1. This advisory was released in response to public reports about a proof-of-concept (PoC) exploit for CVE-2021-1675 , a similar vulnerability in the Windows Print Spooler.

Windows 101

Windows Software Review Systems Review Development Team Review 101

Tenable

MARCH 17, 2023

Cybersecurity and Infrastructure Security Agency (CISA) is intensifying its efforts to help reduce ransomware attacks against critical infrastructure. For more information, check out CISA’s description of the RVWP program, as well as coverage from The Record , CyberScoop , GCN , SC Magazine and NextGov. billion in 2021 to $10.3

Infrastructure 52

Infrastructure Groups ChatGPT Generative AI 52

Palo Alto Networks

JANUARY 7, 2021

We’ve taken a moment to make cybersecurity predictions for Europe, the Middle East and Africa (EMEA) in 2021, and to consider the upcoming challenges and opportunities. The consumer hop: With so many working from home, the weak point becomes what else could act as a bridge to the secured business device.

IoT 52

IoT Software Review Cloud Systems Review 52

Tenable

DECEMBER 2, 2022

Get the latest on Log4Shell’s global remediation status; the need for metaverse security rules; a shutdown of “pig butchering” domains; tips for secure IoT products; an informal poll about AD security; and more! . Cybersecurity and Infrastructure Security Agency (CISA). Log4j guidance from the U.S.

IoT 52

IoT Systems Review Guidelines Technical Review 52

Kaseya

AUGUST 2, 2022

We have shared the survey highlights in this blog, but we encourage you to download the full report for more details. Maintaining cybersecurity is essential but challenging. SMBs make an attractive target because they lack a solid security framework and often do not have the right resources and knowledge on how to build one.

Survey 105

Survey SMB Cloud Technical Review 105

Tenable

JUNE 23, 2021

On June 22, SonicWall published an advisory (SNWLID-2021-0006) to address an incomplete fix for a vulnerability in its operating system, SonicOS, used in a variety of SonicWall network security devices, including their SSL VPNs. CVE-2021-20019. CVE-2021-20019 is a buffer overflow vulnerability in SonicWall’s SonicOS.

Technical Review 96

Technical Review Systems Review Firewall Software Review 96

Cloudera

DECEMBER 13, 2021

On December 10th 2021, the Apache Software Foundation released version 2.15.0 of the Log4j Java logging library, fixing CVE-2021-44228 , a remote code execution vulnerability affecting Log4j 2.0-2.14. We encourage customers to review the details in our TSB and apply workarounds immediately.

Software Review 92

Software Review Technical Review Open Source Technical Support 92

Tenable

JANUARY 20, 2021

Oracle’s first Critical Patch Update of 2021 addressed 329 security updates across 25 product families, including five new critical flaws in Oracle WebLogic Server. On January 19, Oracle released the Critical Patch Update (CPU) for January 2021 , its first quarterly release for the year. Chart is accurate as of January 19, 2021.

Backup 99

Backup Technical Advisors Software Review Technical Review 99

Tenable

SEPTEMBER 22, 2023

Department of Homeland Security in its “ Homeland Threat Assessment 2024 ” report. Snatch, which appeared in 2018 and was originally known as Team Truniger, uses a ransomware-as-a-service (RaaS) model to operate, and employs a variety of frequently changing methods to breach systems and establish network persistence, the agencies said.

Insurance 70

Insurance Trends IoT Software Review 70

Tenable

OCTOBER 16, 2023

Background On October 16, Cisco’s Talos published a blog post warning of a zero-day vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software that has been exploited in the wild by unknown threat actors. CVE-2021-1435 is a command injection vulnerability affecting the Web UI of Cisco IOS XE software.

Software Review 109

Software Review Systems Review Authentication Transportation 109

Tenable

JULY 7, 2023

1 – McKinsey: Generative AI will empower developers, but mind the risks Generative AI tools like ChatGPT will supercharge software developers’ productivity, but organizations must be aware of and mitigate the AI technology’s security and compliance risks. Dive into six things that are top of mind for the week ending July 7.

ChatGPT 52

ChatGPT Generative AI Tools Software Review 52

Xebia

NOVEMBER 18, 2022

In 2021 resilience has been identified as a must in business design. In 2021 the EU has adopted the term resilience as key for industry 5.0 [ eu01 , eu02 ]. An organization or an IT system is in difficulties when an event results in a decrease of its value output. These systems are to be called fragile. See figure 1.

Systems Review 130

Systems Review Construction Software Review Engineering 130

Palo Alto Networks

OCTOBER 1, 2021

The Education team was able to adapt, innovate and future proof the cybersecurity learning experience amidst a global crisis by offering online credentials, micro and blended learning opportunities. Cybersecurity education is critical to ensure organizations and individuals are secure and protected from today’s sophisticated threats.

Education 52

Education Training Virtualization eBook 52

Tenable

SEPTEMBER 7, 2021

On August 25, Atlassian published a security advisory for a critical vulnerability in its Confluence Server and Data Center software. CVE-2021-26084. This blog post was published on September 7 and reflects VPR at that time. Thousands of Confluence Servers are vulnerable to CVE-2021-26084. Image Source: Censys Blog.

Data Center 101

Data Center Software Review Authentication Linux 101

Palo Alto Networks

NOVEMBER 11, 2021

Business activities, once confined to secure offices on a corporate campus, have now shifted to the home with employees accessing business-critical data of varying value and sensitivity. To that end, Palo Alto Networks has recently conducted a study — The Connected Enterprise: IoT Security Report 2021.

IoT 70

IoT Malware Weak Development Team Software Review 70

Tenable

SEPTEMBER 7, 2023

AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state threat actors. The vulnerability is caused by the use of an outdated version of Apache Santuario, an XML security software library.

Firewall 63

Firewall Software Review Technical Review Systems Review 63

Palo Alto Networks

SEPTEMBER 28, 2023

For example, threat actors are currently engaged in data theft in addition to ransomware in more than 70% of cases on average, compared to only about 40% of cases as of mid-2021. Leverage the Power of AI and Automation – Modernize security operations and reduce the burden on overworked analysts.

Technical Review 116

Technical Review Weak Development Team Internet Network 116

Tenable

DECEMBER 12, 2022

On December 9 Olympe Cyberdefense published a brief summary of a vulnerability affecting several versions of Fortinet FortiOS used in its FortiGate secure socket layer virtual private network (SSL VPN) and firewall products. The blog from Olympe Cyberdefense goes further, stating attackers could gain “full control.”. Background.

Software Review 99

Software Review Systems Review Firewall Report 99

Cloudera

FEBRUARY 18, 2021

2021 looks likely to be defined by a new phase: Thriving on digital transformation, rather than just surviving through it. . In 2021, with the crisis hopefully fading, insurance will have time to evaluate the changes made in 2020, assessing what worked and what didn’t, and planning a new way forward rather than reacting in real time. .

Insurance 105

Insurance Trends Data Artificial Inteligence 105