Jul 10, 2024NewsroomVulnerability / Network Security Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due…
Read MoreApply the stable channel update provided by Mozilla to vulnerable systems immediately after appropriate testing. (M1051: Update Software)o Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.o…
Read More
The second year of Gartner rankings for single-vendor SASE (secure access service edge) featured nine vendors in total. Cato Networks moved up and Netskope appeared for the first time as Gartner released its latest Magic Quadrant ranking of single-vendor SASE vendors — with the two companies joining Palo Alto Networks in the sought-after “leaders” quadrant…
Read More
“Prior to our work, there was no publicly-known attack exploiting MD5 to violate the integrity of the RADIUS/UDP traffic,” the researchers wrote in a blog post. “However, attacks continue to get faster, cheaper, become more widely available, and become more practical against real protocols. Protocols that we thought might be ‘secure enough,’ in spite of…
Read More
Almost a thousand Twitter accounts controlled by a large bot farm pushing Russian propaganda and domains used to register the bots were taken down in a joint international law enforcement operation led by the U.S. Justice Department. Organized and managed by a deputy editor-in-chief at Russian state-run news organization Russia Today (RT) and a Russian…
Read MoreCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23692 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability CVE-2024-38080 Microsoft Windows Hyper-V Privilege Escalation Vulnerability CVE-2024-38112 Microsoft Windows MSHTML Platform Spoofing Vulnerability These types of vulnerabilities are frequent attack vectors…
Read More
Microsoft is rolling out the KB5040442 cumulative update for Windows 11 23H2, which includes up to thirty-one improvements and changes. The changes include a new feature that adds back the “Show Desktop” button, which Copilot replaced. This update was released as part of Microsoft’s July 2024 Patch Tuesday and is mandatory to install as it contains security updates for…
Read MoreAlmost a thousand Twitter accounts controlled by a large bot farm pushing Russian propaganda and domains used to register the bots were taken down in a joint international law enforcement operation led by the U.S. Justice Department. Organized and managed by a deputy editor-in-chief at Russian state-run news organization Russia Today (RT) and a Russian…
Read More
A few weeks ago, my wife asked me why stopping threat actors from impacting our lives is so difficult. In this digital age, the necessity to connect online brings inherent exposure to vulnerabilities. The challenge for you as a security leader lies in reducing the sense of vulnerability by building trust. You need to protect…
Read MoreApply the stable channel update provided by Adobe to vulnerable systems immediately after appropriate testing. (M1051: Update Software)o Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.o…
Read More