Hardcoded admin passwords in Cisco DNA Center could put your enterprise network at risk

Cisco released a list of 16 security advisories on May 16, including three critical flaws in the Cisco Digital Network Architecture (DNA) Center that rated a 10/10 on the CVSS (Common Vulnerability Scoring System) scale. The three critical flaws all give attackers elevated privileges that can compromise the entirety of the DNA Center but go about it in very different ways. […]

Open-source vulnerabilities plague enterprise codebase systems

A new report into the state of enterprise security suggests that the majority of codebases in use contain known vulnerabilities due to the use of open-source components. Synopsys has released the Black Duck by Synopsys 2018 Open Source Security and Risk Analysis (OSSRA) report, which found that open-source adoption is on the rise in the enterprise — but […]

Enterprise vulnerability management as effective as ‘random chance’

The enterprise is not up to speed when it comes to cybersecurity remediation strategies, it seems. According to a new report by Kenna Security and the Cyentia Institute, a lack of planning and structure in patch management, vulnerability fixes, and cybersecurity risk management has led to cybersecurity strategies which are based on chance and luck, rather […]

The pace of vulnerability disclosure shows no signs of slowing

Unless the pace of vulnerability disclosure slows down in the coming quarters, we are looking at yet another record-breaking year, according to Risk Based Security’s 2018 Q1 Vulnerability QuickView Report. 5,375 unique vulnerabilities were reported. This is just a 1.8% increase over the same period in 2017. Note that this number will continue to rise […]

Researchers warn PGP and S/MIME users of serious vulnerabilities

A professor at Münster University issued a warning on Sunday about serious vulnerabilities in PGP and S/MIME – two widely-used methods for encrypting email – which if exploited could reveal plain text communications. The issue also impacts emails from the past. “There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or […]

OpenFlow SDN protocol flaw affects all versions, could lead to DoS attack

OpenFlow, a protocol used widely in software-defined networking (SDN), suffers from a serious security bug: Important authentication and authorization steps are missing from its handshake process. OpenFlow is maintained by the Open Networking Foundation (ONF) and came about in 2011. It is designed to be a vendor-neutral protocol for managing packet movement between switches and building software-defined networks. Securing […]

Electroneum Cryptomining Targets Microsoft IIS 6.0 Vulnerability

F5 researchers recently noticed a new campaign exploiting a year-old vulnerability in Microsoft Internet Information Services (IIS) 6.0 servers to mine Electroneum cryptocurrency. It abuses the same IIS vulnerability (CVE-2017-7269) that ESET security researchers reported last year as having been used to mine Monero and to launch targeted attacks against organizations by the notorious “Lazarus” group. Lazarus group […]

Microsoft Windows, Apple macOS, Linux, BSD: All hit by same ‘serious’ security flaw

Windows, macOS, major Linux distributions, FreeBSD, VMware, and Xen on x86 AMD and Intel CPUs are affected by a serious security flaw caused by operating system developers misinterpreting debug documentation from the two chip makers. The affected OS and hypervisor makers have released fixes for the common flaw that may allow an authenticated attacker “to […]

Microsoft’s Patch Tuesday Fixes Two CVEs Under Active Attack

Microsoft’s Patch Tuesday arrived with a sense of urgency this month, addressing two vulnerabilities under active attack and 66 other CVEs affecting Windows, Office, Office Services, Internet Explorer, Edge, Visual Studio, Web Apps, ChakraCore, Hyper-V Server, and Azure IoT SDK. Of the 68 total CVEs addressed, 21 are rated as Critical, 45 are considered Important, […]

After Equifax breach, major firms still rely on same flawed software

Last year’s massive data breach at Equifax should have been a wake-up call for the entire industry. Hackers stole 145 million records by exploiting a vulnerability in a widely used open-source web server software that the credit rating giant failed to patch months earlier. But a year after the patches were released, some of the world’s wealthiest companies are […]