Both high and low-risk bugs and licensing conflicts are rife in today’s business codebases. Up to 60 percent of all codebases used in the enterprise contain at least one vulnerability originating from open-source components, new research suggests. On Tuesday, Black Duck by Synopsys released its annual Open Source Security and Risk Analysis (OSSRA) report, which analyzed the … Read more
Cisco blog follows DHS Cybersecurity and Infrastructure Security Agency (CISA) report detailing risks around Office 365 and other cloud services. It’s no secret that if you have a cloud-based e-mail service, fighting off the barrage of security issues has become a maddening daily routine. The leading e-mail service – in Microsoft’s Office 365 package – seems to be … Read more
An agreement links Cisco Meraki MX Security/SD-WAN appliances and its Auto VPN technology to Teridion’s cloud-based WAN service that claims to accelerate TCP-based applications by up to 5X. Cisco and Teridion have tied the knot to deliver faster enterprise software-defined WAN services. The agreement links Cisco Meraki MX Security/SD-WAN appliances and its Auto VPN technology which lets users quickly bring up … Read more
Red Hat issued a security advisory on recently disclosed CVEs (common vulnerabilities and exposures) in Intel microprocessors. Four vulnerabilities were publicly disclosed related to Intel microprocessors. These vulnerabilities allow unprivileged attackers to bypass restrictions to gain read access to privileged memory. They include these common vulnerabilities and exposures (CVEs): CVE-2018-12126 – a flaw that could lead to information … Read more
Executives and cloud-based services are gaining popularity as targets for cyber criminals, according to the latest data breach investigations report. C-level executives who have access to a company’s most sensitive data are increasingly and proactively targeted by cyber criminals, correlating to a rise in social engineering attacks with financial motivation, Verizon’s 2019 Data breach investigation report (DBIR) reveals. Cloud-based services are … Read more
Cisco released 40 security advisories around Nexus switches, Firepower firewalls and more. Cisco issued some 40 security advisories today but only one of them was deemed “critical” – a vulnerability in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode data-center switch that could let an attacker secretly access system resources. The exposure, which was … Read more
Performance, form factors, and automation capabilities are key considerations when choosing a next-generation firewall (NGFW). Firewalls have been around for years, but the technology keeps evolving as the threat landscape changes. Here are some tips about what to look for in a next-generation firewall (NGFW) that will satisfy business needs today and into the future. … Read more
Cisco’s Talos security group says DNSpionage tools have been upgraded to be more stealthy. The group behind the Domain Name System attacks known as DNSpionage have upped their dark actions with new tools and malware to focus their attacks and better hide their activities. Cisco Talos security researchers, who discovered DNSpionage in November, this week warned of … Read more
VPN packages from Cisco, Palo Alto, F5 and Pulse may improperly secure tokens and cookies. The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pulse may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. … Read more
Cisco is issuing 17 new fixes for security problems with IOS and IOS/XE software that runs most of its routers and switches, while it has no patch yet to replace flawed patches to RV320 and RV 325 routers. Cisco has dropped 17 Security advisories describing 19 vulnerabilities in the software that runs most of its routers and … Read more
