Tenable

SEPTEMBER 11, 2023

Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances with VPN functionality enabled. Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly.

Groups 119

Groups Report Authentication Software Review 119

DevOps.com

JUNE 16, 2021

PDT on June 22nd-23rd that dives deep into application security in the modern tech space. Security experts share insights on topics ranging from how to measure AppSec success to what role AppSec plays in digital transformation. Software developers, security […].

How To 137

How To Conference Software Development Virtualization 137

DevOps.com

JANUARY 23, 2024

Legit Security expanded the scope of its ASPM platform to make use of AI to discover vulnerable application secrets more accurately.

Applications 63

Applications Artificial Intelligence Artificial Inteligence Social 63

CIO

APRIL 24, 2024

In today’s fast-paced software development landscape, managing and securing the software supply chain is crucial for delivering reliable and trusted software releases. For large companies especially, managing the secure use of 10+ technologies can be a nightmare without the right tools and processes in place.

Software 260

Software Open Source Survey Report 260

DevOps.com

MAY 17, 2021

WhiteHat Security, a subsidiary of NTT, has announced an integration with BitDefender to make it easier for developers and cybersecurity teams to discover the extent to which the attack surface they need to defend might be impacted by a vulnerability.

Internet 121

Internet Development Applications DevOps 121

Lacework

MAY 20, 2022

In early April VMware released patches for remote code execution and authentication bypass vulnerabilities against multiple VMWare products, including VMware Workspace ONE Access, VMWare identity Manager, vRealize Automation, Cloud Foundation, and vRealize Suite Lifecycle Manager. Known Affected Software. VMware Workspace ONE Access (Access).

Malware 78

Malware IoT Authentication Network 78

CIO

MARCH 18, 2024

But while there’s plenty of excitement and change underway, security risks and vulnerabilities have continued to follow right alongside that innovation. But what exactly does this policy mean for IT security? And how can businesses ensure they’re ready? So, who needs to adhere to DORA?

Disaster Recovery 302

Disaster Recovery Technical Review Systems Review Software Review 302

Ivanti

FEBRUARY 14, 2024

We want to thank our customers for their support and patience over the last few weeks as we navigate the recent issues affecting Ivanti Connect Secure, Policy Secure and ZTA gateways. We will not stop until we are confident our products and our customers are protected and these vulnerabilities have been fully resolved.

Policies 49

Policies Technical Review Software Review Systems Review 49

Synopsys

OCTOBER 28, 2022

Understand what steps your organization needs to take now to prepare for the upcoming patch to address OpenSSL’s critical security vulnerability on November 1. The post Experts warn of critical security vulnerability discovered in OpenSSL appeared first on Application Security Blog.

Applications 83

Applications Organization Research Analysis 83

CIO

APRIL 29, 2024

Java 22, for example, is the most current version and is more secure, more operations-friendly, more performant, and more memory efficient. However, to truly take advantage of modern Java, apps built for the ecosystem must be constantly maintained to maximize performance and minimize exposure to risks and security vulnerabilities.

Hardware 306

Hardware Infrastructure Performance Applications 306

Tenable

JANUARY 31, 2024

Frequently asked questions for four CVEs affecting Ivanti Connect Secure and Policy Secure Gateways, with three of the vulnerabilities having been exploited in the wild as zero-days. Three of these four vulnerabilities have been exploited in the wild as zero-days. FAQ What are the Ivanti CVEs and when were they disclosed?

Policies 63

Policies Malware Authentication Software Review 63

Tenable

APRIL 20, 2021

Threat actors are leveraging a zero-day vulnerability in Pulse Connect Secure, for which there is no immediate patch scheduled for release. Pulse Connect Secure Authentication Bypass Vulnerability. CVE-2021-22893 is a critical authentication bypass vulnerability in Pulse Connect Secure. Background.

Authentication 134

Authentication Malware Research Government 134

CIO

MARCH 25, 2024

The analysis carried out by the UAE Cyber Security Council and CPX Holding announced the release of the ‘State of the UAE – Cybersecurity Report 2024’. The entire ecosystem should engage proactively in reducing the UAE’s vulnerability to these threats. Dr. Mohamed Al Kuwaiti, Head of Cyber Security for the UAE Government.

Energy 278

Energy Government Report Infrastructure 278

CIO

JANUARY 22, 2024

The remote work revolution has pushed companies to rethink their security and data protection practices amidst hybrid work and cloud environments. In turn, threat actors have continued to exploit the vulnerabilities companies exposed themselves to, including those publicly identified, in keeping pace with rapid digital transformation efforts.

Technical Review 312

Technical Review Systems Review How To Authentication 312

InfoWorld

APRIL 12, 2024

The Rust language team has published a point release of Rust to fix a critical vulnerability to the standard library that could benefit an attacker when using Windows. This vulnerability becomes critical if batch files are invoked on Windows with untrusted arguments. No other platform or use was affected.

Windows 84

Windows Development 84

Tenable

DECEMBER 22, 2023

Learn how the cyber world changed in areas including artificial intelligence, CNAPP, IAM security, government oversight and OT security. As we bid adieu to 2023, we highlight major trends that impacted cybersecurity professionals in the past 12 months. In short, the optimism over AI’s promise for cyber defense was palpable this year.

Artificial Inteligence 76

Artificial Inteligence Technical Review Cloud Artificial Intelligence 76

CIO

NOVEMBER 14, 2023

While the connected device landscape continues to expand and evolve, so do the opportunities for cybercriminals to exploit IoT vulnerabilities. It also introduces new security challenges that demand our attention, especially as IoT is integrated into operational technology (OT) environments.

IoT 325

IoT Enterprise Malware Authentication 325

TechCrunch

DECEMBER 6, 2023

A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps.

Mobile 347

Mobile Research 347

TechCrunch

DECEMBER 19, 2023

Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers. Citrix made patches available in early October, but many […] © 2023 TechCrunch.

Data 361

Data Network 361

TechCrunch

DECEMBER 1, 2023

Apple has released security updates for iPhones, iPads and Macs to patch against two vulnerabilities, which the company says are being actively exploited to hack people. following a vulnerability disclosure by security researchers at Google’s Threat Analysis Group, which investigates […] © 2023 TechCrunch.

Analysis 331

Analysis Research Groups Software 331

CTOvision

SEPTEMBER 21, 2020

Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer. Named BLESA (Bluetooth Low Energy Spoofing […].

IoT 126

IoT Energy Software 126

Kaseya

APRIL 7, 2021

As businesses transition to a new normal that includes remote work as a regular part of everyday life, they face a host of extra security challenges. At the same time, MSPs are on high alert for security breaches into the systems they manage, desperate to avoid damaging attacks, data theft, and outages.

Network 130

Network Meeting Applications System 130

DevOps.com

MAY 19, 2020

Security testing has always been an important step in the application development process. Yet, traditional measures often occur too late in the process to effectively find and fix vulnerabilities before causing costly production delays, or worse, putting organizations at risk for potential security breaches.

Applications 116

Applications Testing Organization Development 116

CIO

NOVEMBER 13, 2023

That means an attacker looking to crack into an organization’s systems could simply examine the readily available open-source code and pick out vulnerabilities to exploit. So, where do businesses and IT leaders stand on the use of open source in the context of mainframe security? What are their concerns?

Open Source 328

Open Source Survey Report Software 328

CIO

NOVEMBER 6, 2023

This makes it more critical than ever to adopt strong security measures to protect sensitive information and infrastructure. However, while cloud computing offers benefits like improved efficiency, scalability, and accessibility, it poses new security challenges.

Cloud 331

Cloud Authentication Policies Systems Review 331

CIO

APRIL 30, 2024

The threat of cyberattack has never been higher, and nearly nine in 10 (88%) of security leaders believe their organization is not meeting the challenge of addressing security risks, according to the Foundry Security Priorities Study 2023. Keep OT devices updated using the latest security patches. Don’t wait.

Network 289

Network Meeting Study Internet 289

SecureWorks

MAY 21, 2021

When it Comes to Security Vulnerabilities Ignorance Isn’t Bliss You can't defend what you don't know about A good threat and vulnerability management program is the first, and most essential, step in identifying security vulnerabilities that keep your organization protected and efficient.

Programming 85

Programming Organization 85

Aqua Security

OCTOBER 28, 2022

The OpenSSL project has pre-announced a new and critical severity vulnerability that will be fixed in OpenSSL version 3.0.7, This is a developing story. Updates will be amended as new information and guidance becomes available. expected November 1, 2022.

Development 119

Development Software 119

Aqua Security

OCTOBER 8, 2020

Modern-day CI/CD pipelines enable new security approaches and transform the DevOps landscape to accommodate a variety of safety nets into the software supply chain. We saw this as an opportunity to seamlessly incorporate container image security without creating friction.

.Net 99

.Net DevOps Performance Testing 99

CIO

NOVEMBER 13, 2023

This means the security of the mainframe is absolutely essential. And as new methodologies like DevOps, the increasing adoption of open source, and the shift to hybrid cloud solutions continue to trend, mainframe security vulnerabilities become a serious threat. Read on to learn their perspective on mainframe security.

Compliance 311

Compliance Survey Education Training 311

Synopsys

MARCH 10, 2021

Identifying security vulnerabilities is only half the battle. To remediate and prioritize them, you need Black Duck Security Advisories. The post Get earlier, actionable vulnerability insights from Black Duck Security Advisories appeared first on Software Integrity Blog.

Software 84

Software Analysis 84

CIO

OCTOBER 31, 2023

In the ever-evolving landscape of cloud computing, today’s leading enterprises are seeking ways to optimize their operations and enhance their security measures. Cloud costs and security are two critical aspects that every organization must carefully manage, and they are more closely intertwined than you might think.

Cloud 325

Cloud Policies Resources Budget 325

Tenable

FEBRUARY 22, 2021

Your introduction to vulnerability assessment doesn't have to be confusing – let's go over the key terms. When you're new to vulnerability assessment (VA) – or any other area of cybersecurity, for that matter – some aspects of the process might seem unfamiliar or confusing. The true definition of a vulnerability.

Malware 89

Malware Spyware Compliance Network 89

Tenable

JULY 23, 2020

After Cisco disclosed a serious vulnerability in its Adaptive Security Appliance and Firepower Threat Defense, one of the security researchers credited with its discovery released proof of concept code for the flaw. CVE-2020-3452 is a read-only path traversal vulnerability in Cisco ASA and FTD software. Background.

Research 106

Research Data Center System Software 106

SecureWorks

JUNE 28, 2022

Type: Blogs Security Vulnerability Remediation: To Patch or Not to Patch? 5 Life-Saving Questions to Ask Yourself Today Knowing the answers to these 5 security vulnerability remediation questions can help safeguard your organization from an exploit.

Organization 58

Organization 58