firewalls Archives - Cyber Security Minute

UK-Based API Security Firm 42Crunch Raises $17 Million

Issued by: Security Week

42Crunch provides an application programming interface (API) ‘micro firewall’. APIs are a serious and growing threat vector. In 2019, Gartner stated, “By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.” Its proposed solution was, “Use a Combination of API Management and Web…

Vulnerabilities

Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks

Issued by: Security Week

Tracked as CVE-2021-1448 and having a CVSS score of 7.8, the command injection bug is mitigated by the fact that authentication and local access are required for successful exploitation. An attacker able to abuse it, however, may execute arbitrary commands as root on the underlying OS. The flaw exists because user-supplied command arguments aren’t sufficiently…

Network Security

Why do we need a risk-based approach to authentication?

Issued by: Help Net Security

20 years ago, everyone worked at a desktop workstation hardwired into an office building. This made network security simple and organizations felt they could depend on the time-tested method of the trusted perimeter. Firewalls were relied on to keep out external threats, and anything within the network was considered secure and safe. Today, however, the…

Vulnerabilities

Java and Python FTP attacks can punch holes through firewalls

Issued by: CIO Security

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks. On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.

Software Security

IDG Contributor Network: 6 steps to creating a culture of security ownership

Issued by: CIO Security

The state of corporate cyber-security is anything but static. With the list of potential threats diversifying, the stakes are high for securing company systems and data. As the average cost of a data breach grows (currently estimated at $4 million), business leaders’ appetite for risk lessens. And yet fewer than half of information security professionals…

Network Security

Flaw in Schneider Industrial Firewalls Allows Remote Code Execution

Issued by: Security Week

On Wednesday, at SecurityWeek’s 2016 ICS Cyber Security Conference, in a presentation meant to demonstrate that attackers could easily bypass defenses if proper ICS protection technologies are not in place, researchers at industrial security firm CyberX disclosed the existence of several important flaws. One of them affects Schneider Electric’s ConneXium TCSEFEC family of industrial ethernet…