The CERT Coordination Center (CERT/CC) has released information on 33 vulnerabilities, known as AMNESIA:33, affecting multiple embedded open-source Transmission Control Protocol/Internet Protocol (TCP/IP) stacks. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The IoT Cybersecurity Improvement Act has been officially signed into law. The bipartisan legislation, sponsored by Reps. Robin Kelly, D-Ill., and Will Hurd, R-Texas, and Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo., requires that any IoT device purchased with government money meet minimum security standards.
For years, just about every update of consumer cloud applications would include new features that the user could configure around their personal taste, convenience, and preferred uses. Over time, and with increasing features and capabilities, what had begun as an application’s simple settings, was replaced by a proliferation of tabs, cascading drop-down menus, banners, breadcrumbs, hyperlinks, bookmarks, and more, creating a world of choices and individual styles.
Silicon Valley company FireEye, who is often on the front lines of defending companies and critical infrastructure from cyberattacks, has been breached by hackers.
The risk to the financial sector is extremely high, and due to the high value of financial data, cybercriminals are increasingly targeting customer banking credentials when carrying out attacks. Below, we speak to Robert O'Connor, Chief Information Security Officer (CISO) for Neocova Corporation, about the cybersecurity challenges within financial institutions and best practices to safeguard financial data and prevent attacks.
Synopsys, Inc. released the report, DevSecOps Practices and Open Source Management in 2020, exploring the strategies that organizations around the world are using to address open source vulnerability management as well as the growing problem of outdated or abandoned open source components in commercial code.
The National Security Agency (NSA) released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems and abuse federated authentication.
When we hear the term “critical infrastructure,” we want to believe that the assets – whether they are physical or digital – are extremely secure. Our minds conjure images of the vaults of Fort Knox, which are protected from every angle. However, critical infrastructure of the digital variety is not necessarily any more secure than any other digital asset. It all comes down to how meticulous the organization is in looking for and quickly closing vulnerabilities and security gaps that expose an attack surface for a bad actor to exploit.
With more Americans expected to do their holiday shopping online during the COVID-19 pandemic, US agencies and cybersecurity leaders are urging all consumers to be on alert for holiday shopping scams and cyber threats, which historically spike during the holiday season. Here, we talk to Michael Rezek, Vice President of Business Development and Cybersecurity Strategy at Accedian, about the technologies retailers need to adopt to ensure a smooth holiday shopping season, how to see the warning signs for bad actors, how to proactively manage them and what to do to prevent them in the first place.
To combat commonly exploited protocols, the Center for Internet Security, Inc. (CIS) has released guidance to help organizations mitigate these risks to protect and defend against the most pervasive cyber threats faced today that can be exploited through RDP.