A five-year-old vulnerability in Fortinet SSL VPNs remains one of the most widely exploited flaws in enterprise networks, despite repeated patch warnings. So say cybersecurity officials across the U.S. and its Five Eyes intelligence alliance partners in a new joint security advisory detailing the 12 most common vulnerabilities and exposures that were most “routinely…

The desire for digital acceleration has led organizations to drive toward delivering faster and better application experiences and to bring applications and data closer to users and devices. Many organizations realize that application journeys are fluid in practice because applications can live anywhere from data centers to hybrid and multi-clouds to edge compute. The reason…

The security directive for pipeline owners and operators — released following the disruptive cyberattack that hit Colonial Pipeline in 2021 — requires them to implement measures to improve their defenses against cyberattacks. The TSA updated the requirements in July 2022 to offer more flexibility in achieving the outlined goals. Exactly one year later, the agency…

For cybercriminals looking to attack businesses, email continues to be the preferred attack vector. Despite a rapidly changing technology landscape with new innovations such as ChatGPT, cybercriminals are opting to adapt their email-based techniques to improve old tactics rather than create new methods altogether. This is largely because email provides cybercriminals with a direct line…

Researchers have discovered hundreds of devices running on government networks that expose remote management interfaces on the open Web. Thanks to the Cybersecurity and Infrastructure Security Agency (CISA), that will change quickly — possibly too quickly, according to some experts. On June 13, CISA released Binding Operational Directive (BOD) 23-02, with the goal of eliminating…

Nokod Security, a company developing security for low-code/no-code custom applications and Robotic Process Automation (RPA), announced its $8 million seed round, which will be used to establish a presence in the United States market, as well as to expand the R&D teams and support novel research of security vulnerabilities in the low-code/no-code domain…

As organizations continue to embrace digital transformation, it’s essential to ensure that applications and APIs are protected. Application security testing, or AST, and API security testing are important components of a comprehensive cybersecurity strategy. AST is the process of analyzing application code and configurations to identify potential vulnerabilities. API security testing ensures that APIs are…

A deadly cyber campaign has been working silently to undermine website security by exploiting popular WordPress plugins — infiltrating over a million websites and leaving administrators scrambling for solutions. In April 2023, Bleeping Computer and other tech outlets like TechRadar began circulating reports of cybercriminals successfully hacking WordPress websites. They were able to gain access…