Four Things Your CISO Wants Your Board to Know
For years, it seems like we’ve been rationalizing why your company’s Chief Information Security Officer (CISO) deserves a seat at the boardroom table. In many industries, we’ve come a long way since then. At more and more organizations, CISOs have stepped up and begun conferring regularly with the CFO, CTO, and CEO on security strategy,…
Network Security Company Netography Raises $45 Million
The new investment round was led by Bessemer Venture Partners and SYN Ventures. Existing investors Andreessen Horowitz, Harpoon Ventures, Mango Capital, and Wing Venture Capital also contributed. The network security firm says it will use the capital for the development of new technology and for channel expansion. The company says it also plans to invest…
Critical RCE in Palo Alto Networks (PAN) firewalls revealed, patch ASAP! (CVE-2021-3064)
The existence of a critical RCE vulnerability (CVE-2021-3064) affecting certain versions of Palo Alto Networks (PAN) firewalls using the GlobalProtect Portal VPN has been revealed by a cybersecurity company that exploited it during red team engagements for the last 12 months. The vulnerability has been patched, but since there are still over 10,000 vulnerable internet-facing…
SASE and Zero Trust: What’s the Connection?
Many organizations find themselves in a tricky spot today when it comes to digital transformation. With many looking to zero trust, how does Secure Access Secure Edge (SASE) fit in? On the one hand, the events of 2020 helped to speed up many digital adoption projects. A 2020 report from McKinsey found that more than…
Contrast Security Raises $150 Million at ‘Unicorn’ Valuation
The company offers a platform that helps developers create more secure applications by discovering vulnerabilities in code, detecting what libraries are being used, and goes as far as providing embedded runtime exploit prevention that analyzes application runtime to prevents and confirm exploitability of bugs. Contrast says the investment will help it meet demand for its…
Nearly 100 TCP/IP Stack Vulnerabilities Found During 18-Month Research Project
The research, named Project Memoria, was conducted by enterprise device security firm Forescout in collaboration with others. It resulted in the discovery of the vulnerabilities tracked as Ripple20, AMNESIA:33, NUMBER:JACK, NAME:WRECK, INFRA:HALT, and NUCLEUS:13. TCP/IP stacks are leveraged by a wide range of devices for communication, including medical products, industrial control systems (ICS), printers, and…
Citrix Patches Critical Vulnerability in ADC, Gateway
The most severe of the two bugs is CVE-2021-22955, a critical security hole that could lead to a DoS condition on appliances that have been configured as a VPN (Gateway) or AAA virtual server. The security flaw was identified in Citrix Application Delivery Controller (ADC, formerly NetScaler ADC), and Gateway (formerly NetScaler Gateway). Tracked as…
RPC Firewall Dubbed ‘Ransomware Kill Switch’ Released to Open Source
Today at Black Hat London, Zero Networks announced the release of its RPC firewall – also dubbed the ‘ransomware kill switch’ – into open source. The tool provides granular control over RPC, capable of blocking the use of lateral movement hacker tools and stopping almost all ransomware in its tracks. Microsoft’s Remote Procedure Call (MS-RPCE)…
Many Healthcare, OT Systems Exposed to Attacks by NUCLEUS:13 Vulnerabilities
Collectively referred to as NUCLEUS:13, the issues likely affect safety-critical devices, such as anesthesia machines, patient monitors and other types of devices used in healthcare. Other types of operational technology (OT) systems are also impacted. The most important of the newly identified issues is CVE-2021-31886 (CVSS score of 9.8), a stack-based buffer overflow that exists…
Zero Trust: What NIST’s Guidelines Mean for Your Resources
In May, The White House released an executive order on improving the nation’s cybersecurity. The order came with various directives for Federal Civilian Executive Branch agencies. Among other efforts, the order focused on the federal government’s advance toward zero trust architecture (ZTA). It framed this journey as one “which shall incorporate, as appropriate, the migration…
