Category: Vulnerabilities/Exploits
Understanding the limitations of authentication protocols, especially as enterprises link cloud-service authentication to Active Directory, is essential for security teams in the modern federated enterprise. There was a time when attacks against identity and authentication infrastructure were the domain of well-financed and, likely, state-backed threat actors. These groups crave persistence on critical networks...
To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach. To protect populations from COVID-19, countries are facing unforeseen circumstances and taking extreme measures in response. Everything is moving fast, but we can see that countries that took decisive measures early...
Enterprise Vulnerabilities. From DHS/US-CERT's National Vulnerability Database. CVE-2020-5292, published 2020-03-31: Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and admini… CVE-2020-7009, published 2020-03-31: Elasticsearch versions from...
Bug bounty platform provider cited “Voatz’s pattern of interactions with the research community” in its decision to halt the app vendor’s vuln disclosure program on HackerOne. Mobile voting application vendor Voatz has been dismissed from HackerOne’s bug bounty program platform, according to a report on CyberScoop. Voatz — whose mobile voting app used in limited...
In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic. The speed at which organizations are being forced to respond to the unfolding COVID-19 health crisis could be leaving many of them vulnerable to attack by threat actors rushing to exploit the situation. Over the past few...
Businesses are urged to update the Apex One and OfficeScan XG enterprise security products as soon as possible. Trend Micro has issued critical patches for several vulnerabilities in its Apex One and OfficeScan XG enterprise security products. Attackers have tried to exploit at least two of these flaws. CVE-2020-8467, one of the two zero-days, is...
A vulnerability in Microsoft’s Server Message Block protocol prompted concerns of wormable exploits when it was disclosed this week. Microsoft has patched a critical remote code execution vulnerability in its Server Message Block (SMBv3) protocol and is urging organizations to deploy updates for the flaw as soon as possible. CVE-2020-0796 exists in the way SMBv3...
The costs associated with data breaches climb alongside the amount of data managed by the enterprise, according to the latest Global Protection Index Snapshot. Organizations are, on average, managing nearly 40% more data than one year ago. And 80% see that data as having value. Unfortunately, 81% don't think their cybersecurity is up to future challenges....
A patch for the flaw is not yet available, but there are no known exploits — so far. Among the more critical vulnerabilities that Microsoft disclosed yesterday was one that ironically was not included in its scheduled Patch Tuesday update and for which a patch is still not available. The vulnerability exists in Microsoft’s Server...
Load Value Injection (LVI) takes advantage of speculative execution processes just like Meltdown and Spectre, say security researchers from Bitdefender and several universities. Security researchers have discovered yet another way that attackers can take advantage of a performance optimization technique in modern CPUs called speculative execution in order to steal encryption keys, passwords, and other...
Patch Tuesday features several remote code execution flaws in Microsoft Word. Microsoft today issued 26 CVEs for some 115 total vulnerabilities in a relatively hefty Patch Tuesday that includes 26 critical flaws that span browsers, Microsoft Word, and Media Foundation. The critical flaws break down to 17 in browser and scripting engines, four in Media...
The former Supreme Allied Commander of NATO gives Dark Reading his take on the greatest cyberthreats our nation and its businesses face today. By any standard, James Stavridis has had a remarkable career, beginning with graduating from the US Naval Academy (with a degree in electrical engineering), rising through the officer ranks to commander...
Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung. RSA Conference 2020 – San Francisco – A vulnerability in the way that two Wi-Fi chipsets handled network...
Enterprise Vulnerabilities. From DHS/US-CERT's National Vulnerability Database. CVE-2015-3006, published 2020-02-28: On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for...
In Dun & Bradstreet’s 2019 “Compliance and Procurement Sentiment” report, respondents cited cybersecurity as their top concern, yet 48% had not integrated associated risks into their third-party risk management. While developing and implementing a supply chain security program can be daunting, it should be the first item on your company’s to-do list — with an emphasis...
A new Intel report looks at the more than 250 CVEs affecting Intel products in 2019. RSA CONFERENCE 2020 – San Francisco – In 2019, Intel published 236 CVEs (Common Vulnerabilities and Exposures) for its various products. The company today issued a report that analyzed those CVEs by type, severity, and source as...
The insider threat is a technology, security, and personnel issue, officials said in explaining an approach that addresses all three factors. RSA Conference 2020 – San Francisco – Every employee has the potential to become an insider threat, whether through accidental or malicious means. Organizations with the right steps in place can both prevent a...
Nearly 60% of IT and security pros say deployment of business services in the cloud has rushed past their ability to secure them. RSA CONFERENCE 2020 – San Francisco – The majority (59.4%) of IT and security professionals are concerned about their ability to effectively secure cloud-based enterprise services as businesses continue to adopt them....
Server-side request forgery is a dangerous attack method that is also becoming an issue for the cloud. Here are some of the basics to help keep your Web server from turning against you. When it’s time to talk attacks, it’s hard to get more evil than a technique that uses victims’ own systems against them....
CISOs report increases in alert fatigue and the number of records breached, as well as the struggle to secure mobile devices in a new Cisco study. RSA CONFERENCE 2020 – San Francisco – The security team, instead of operating in silos, can lower overall post-breach costs if it collaborates with other teams across the organization....