network security

Malware & Threats

Issued by: Security Week

Cisco describes Smart Install as a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. Smart Install can be very useful for organizations, but it can also pose a serious security risk. Once a device has been set up through Smart Install, the feature remains enabled and it can be accessed without…

Network Security

Issued by: Security Week

According to NVIDIA, Morpheus leverages machine learning to identify anomalies and threats — such as phishing, data leaks and malware — through real-time inspection of all IP traffic in an organization’s data centers. NVIDIA Morpheus framework uses BlueField DPUMorpheus works with NVIDIA’s BlueField data processing units (DPUs), a powerful processor designed specifically for data centers….

Malware & Threats

Issued by: Security Week

With the COVID-19 pandemic forcing many organizations to switch to telework, interactive communication platforms such as Discord and Slack saw increased adoption and adversaries didn’t wait long to start abusing these tools. According to Cisco’s Talos researchers, the past year has shown a significant increase in the abuse of such platforms as part of malicious…

Vulnerabilities

Issued by: Security Week

Developed by Greyware Automation Products, Inc., Domain Time II is a time synchronization software designed to help enterprises ensure accurate time across their networks. The suite of tools provides testing, administration, and auditing capabilities. Domain Time II consists of client and server programs, and both use the same executable to check for updates, namely dttray.exe….

Network Security

Issued by: Security Week

PCAP, or full packet data capture for analysis, does what it says – it captures the entirety of every packet that comprises the network traffic (both metadata and content). If something happens on the network, PCAP knows about it. Whether it is malware moving data around, or staff arranging a private party, it can be…

Application Security

Issued by: Security Week

The new iOS 14.4.2 was released on Friday with yet another band-aid for Apple’s flagship iOS platform and the company said it was “aware of reports that an exploit for this issue exists in the wild.” As is customary, the company did not provide any additional details on the in-the-wild attacks. A brief advisory describes…

Malware & Threats

Issued by: Security Week

Malware hunters at U.K.-based NCC Group are raising the alarm for mass scanning and “multiple exploitation attempts” with exploits targeting critical security flaws in the F5 enterprise networking infrastructure products. The vulnerabilities were patched on March 10 and are considered high-priority fixes because of the risk of exposure to authentication bypass and remote code execution…

Vulnerabilities

Issued by: Security Week

The BIG-IP software powers a wide range of products, including hardware, modularized software, and virtual appliances, which run on the TMOS architecture and provide customers with modules that support load balancing, firewall, access control, threat protection, and more. On March 10, F5 announced the release of fixes for multiple vulnerabilities in BIG-IP, some of which…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-2021-1844 and co-reported by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research, the flaw was addressed with software updates for macOS, iOS, watchOS, and Safari. To exploit the vulnerability, an attacker would simply need to craft a webpage containing malicious code, and then lure the victim…