Also notable this month is the dramatic growth in CVE-2020-25078, which is also an IoT vulnerability but this time in several IP cameras. On the one hand the volume of traffic scanning for this vulnerability was not remarkable, with ~3600 connections in February, but only 200 connections were attempted in January, which means traffic increased…
“Those that fail to learn from history are doomed to repeat it.” Winston Churchill’s paraphrased wisdom rings true 72 years later as we brace ourselves for evolving cyber threats. Many companies have thousands of applications with long lost source code written by developers from days gone by, and no solution in place to understand the…
Mitigation (Coverage): Restrict web-based content 7; Disable or remove feature or program 5; Multifactor authentication 5; Network segmentation 5; User training 5; Application isolation and sandboxing 4; Exploit protection 4; Network intrusion prevention 4; Privileged account management 4; User account management 4; Antivirus/antimalware 3; Data backup 3; Filter network traffic 3; Password policies 3; Update…
Both the car repair and travel app scenarios begin with the concept of request and response. Someone or something requests a service, and fulfillment only occurs in response to a request. The facilitator of the request is the interface; it is not just a messenger but also an interpreter. Few of us speak “the language…
Here we are in April 2023, which gives us another opportunity to see what vulnerabilities attackers were most interested in last month. After receiving a huge amount of attacker attention from November 2022 to February 2023, CVE-2020-8958 has returned to volumes of traffic more consistent with what we’d come to expect over the last year…
Why does vulnerability management fail? There are a couple of reasons: Enterprise IT teams can’t keep up with all the vulnerabilities because secure coding hasn’t been, and still isn’t, a priority across all organizations that write software. In a recent F5 security event where 300 participants responded to live polling, 21% of respondents said they…
By now you have probably heard about another raft of high-severity vulnerabilities in the open-source Java application framework, Spring. The Spring Framework is a collection of programming libraries which allow developers to easily integrate features into their apps such as authentication, data access, testing, and even the creation of web applications on top of Java…
MS-ISAC ADVISORY NUMBER: 2024-002 DATE(S) ISSUED: 01/09/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or…
Welcome to the Sensor Intelligence Series for April 2023. Last month was comparatively quiet in terms of attack traffic, like March before it. CVE-2020-8958 (an OS command injection vulnerability in a GPON router) remained the top-targeted vulnerability, as it has for nine of the last ten months. Many of the other top targets, such as…
The Power of Data
Massive amounts of new data are generated every day. In 2017, IBM calculated that 90% of all the world’s data had been created within the past two years. Data shapes our knowledge, decisions, and everyday life; data has power. Thanks to the fact that technology devices are getting smaller and smaller,…