The unique characteristics of the telecommunications industry pose significant challenges to the implementation of robust vulnerability management programs. Security director Ian Keller lists the top four challenges and discusses strategies to overcome them.
Threat actors are exploiting another zero-day flaw in Cisco's IOS XE software to implant a malicious backdoor. The IOS XE operating system runs on a wide range of Cisco networking devices, including routers, switches, wireless controllers, access points and more.
Tenable held steady atop Forrester's vulnerability risk management rankings while Vulcan Cyber broke into the leaders category and Rapid7 and Qualys tumbled from the leaderboard. The way vendors deliver vulnerability management has shifted away from ingesting vulnerability assessment results.
Cisco issued an urgent warning Monday about a critical vulnerability in one of its modular operating system's web interfaces that is designed for routers, switches and other appliances. Hackers exploited the IOS XE software UI to gain admin rights that give them full control of compromised devices.
The violent surprise attack on Israel by Hamas and the region's escalating war spotlight the critical importance of situational awareness, especially for healthcare organizations that rely on medical or tech products from Israeli technology firms, said Denise Anderson, president of the H-ISAC.
Year after year, the rise in large-scale data breaches is faster and steeper. Not only is your business at risk, but so are your customers – as we keep learning, the hard way.
As we adjusted to the pandemic, cybersecurity trended – quite unfortunately – in the wrong direction. While our work lives merged with...
Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers' location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder software, opening a permanent backdoor for unauthenticated attackers.
Maintainers of the widely used open-source command-line tool cURL and libcurl library that supports key network protocols said two upcoming vulnerabilities are set to be disclosed this week. One flaw is probably "the worst curl security flaw in a long time," said curl founder Daniel Stenberg.
Hackers have weaponized a zero-day in a popular workspace collaboration tool to create administrator accounts and gain unrestricted access to on-premises instances of the software, Atlassian's Confluence Data Center and Server products, which serve millions of daily active users.
Detecting, prioritizing and remediating open source software supply chain vulnerabilities can be challenging. CISOs can build robust strategies by having near real-time visibility of all their hybrid assets and performing remediation engineering at scale, said Qualys' Debashish Jyotiprakash.
China hasn't ordered any restrictions on the use of Apple iPhones by government agencies, according to a Chinese government spokesperson, but the official cited recent security flaws in the iPhone and warned that foreign mobile device manufacturers must abide by domestic information security laws.
Google released a fix on Monday for a Chrome zero-day that allows an attacker to remotely target a vulnerable version of the browser. The bug is tracked as a heap buffer overflow in the WebP image format, which is specifically designed to optimize web images.
Penetration testing is a cornerstone of cybersecurity, essential for evaluating your defenses against potential threats. But how should you approach it? The answer lies in tailoring your strategy to your unique needs.
Download the guide written by Fortra and discover the perfect balance between in-house expertise and...
The message is crystal clear: Cybersecurity threats are soaring. Cybercriminals are multiplying, and their audacity knows no bounds. Did you know that a ransomware attack strikes every 11 seconds, with a record payout of $50 million in 2021? It's a stark reality, but should we simply accept this as the new...
Multiple nation-state hacking groups have been exploiting known flaws in Zoho ManageEngine software and Fortinet firewalls to steal data, cybersecurity officials warn. A new alert details exploits of each vulnerability by separate groups that targeted the same aeronautical firm.