Cisco patches weaknesses in wireless, SD-WAN and IOS XE configuration software. Cisco has patched three critical security holes in its IOS XE software that’s used across a variety of its core routers and switches. The three critical warnings are part of a big release of 32 security alerts, many of which are IOS XE-related, including firewall, … Read more
The Windows Malicious Software Removal Tool (MSRT) and the Microsoft Safety Scanner (MSERT.exe) do more or less the same thing: scan for and remove Windows malware. We explore and explain the differences. Microsoft provides Windows users with two tools that offer malware scanning and repair services, should those scans turn up anything in need of … Read more
Years-old security vulnerabilities remain a common attack method for ransomware attacks because organizations aren’t applying the patches to fix them. Some of the cybersecurity vulnerabilities most commonly exploited by cybercriminals to help distribute ransomware are years old — but attackers are still able to take advantage of them because security updates aren’t being applied. Cybersecurity … Read more
Former US CISA director Chris Krebs outlined the intent of the Biden administration’s cybersecurity executive order — and stressed the importance of a robust response from CIOs across all sectors. CIOs who overlook the US government’s cybersecurity orders do so at their peril — and that of their enterprise. That’s what former US Cybersecurity and … Read more
The flaw can be exploited to give an attacker administrator rights on a compromised system, despite efforts to fix the problem. Hackers have already created malware in a bid to exploit an elevation of privilege vulnerability in Microsoft’s Windows Installer. Microsoft released a patch for CVE-2021-41379, an elevation of privilege flaw in the Windows Installer component for enterprise … Read more
The government agency urged administrators to review Cisco’s advisory and apply the necessary updates. CISA has released a second advisory about several Apache HTTP server vulnerabilities. Cisco sent out a notice about the vulnerabilities in November, explaining that the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2.4.48 and earlier releases on September 16. The IDs are … Read more
Cybersecurity researchers warn on the growing pace of scans and attempted attacks looking to exploit the Java logging library security flaw. The number of attacks aiming to take advantage of the recently disclosed security flaw in the Log4j2 Java logging library continues to grow. The vulnerability (CVE-2021-44228) was publicly disclosed on December 9 and enables remote code … Read more
Just when we thought cloud computing could take a post-pandemic victory lap, we now face the largest challenge to date. In the latest Agents of Transformation report, Agents of Transformation 2021: The Rise of Full-Stack Observability, 77% of global technicians report experiencing a higher level of complexity as a result of accelerated cloud computing initiatives during the … Read more
Cisco bought Kenna Security to integrate its data-science-driven, security risk-management technology into Cisco’s Secure X platform. Cisco continues to bulk-up its security portfolio, this week closing the deal on risk-based management company Kenna Security for an undisclosed amount. Kenna’s Risk-Based Vulnerability Management system collects and analyzes security data to provide security teams with information about … Read more
The catalogue of high-profile ransomware attack examples is growing larger and becoming more alarming every day, affecting everything from gas pipelines to transport and technology firms. And as the range of targets for ransomware attacks grows, the average value of ransom payments being demanded by cyber criminals is also skyrocketing. In fact, the average ransom payment was … Read more
