September 4, 2024 at 12:59PM Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that allowed unauthorized access to unpatched systems with administrative privileges. Based on the meeting notes, the key takeaway is that Cisco has eliminated a backdoor account in the Cisco Smart Licensing Utility (CSLU), preventing unauthorized access to … Read more
September 4, 2024 at 10:12AM Google has released its monthly security updates for the Android operating system to address a high-severity vulnerability (CVE-2024-32896) related to privilege escalation in the Android Framework component. The vulnerability has been actively exploited and impacts the entire Android ecosystem. Users are advised to update their devices to protect against potential … Read more
September 3, 2024 at 11:48AM D-Link has issued a warning about four remote code execution (RCE) vulnerabilities affecting all hardware and firmware versions of its DIR-846W router. They will not be patched as the products are no longer supported. Based on the meeting notes, the key takeaway is that D-Link has warned about four remote … Read more
September 3, 2024 at 10:18AM CISO Conversations featured cybersecurity leaders Jaya Baloo and Jonathan Trull discussing their routes to CISO positions. Baloo started without formal computer education, leveraging her informal training and experience. Trull studied computer science and later gravitated into cybersecurity from the navy. Both emphasized the need for diverse, cohesive security teams and … Read more
September 2, 2024 at 05:12AM The cybersecurity landscape is ever-changing, with new vulnerabilities and sophisticated attackers. Artificial Intelligence (AI) is set to revolutionize vulnerability management by enabling the identification of risks at scale, prioritizing threats, and automating tasks for faster remediation. A webinar will explore how AI empowers security teams and fosters a proactive security … Read more
August 30, 2024 at 07:24AM Fortra announced patches for critical vulnerabilities in FileCatalyst Workflow, including a flaw involving leaked credentials (CVE-2024-6633) and a high-severity SQL injection issue (CVE-2024-6632). These vulnerabilities could grant an attacker remote access and perform dangerous operations. The company advises customers to update to FileCatalyst Workflow version 5.1.7 build 156 to mitigate … Read more
August 29, 2024 at 03:30PM CISA has added a critical security flaw in the Apache OFBiz open source ERP system to its Known Exploited Vulnerabilities catalog. Tracked as CVE-2024-38856, the bug carries a score of 9.8 out of 10 on the CVSS scale, enabling pre-authentication RCE. Organizations must update to version 18.12.15 by Sept. 17 … Read more
August 29, 2024 at 08:37AM Dragos updated its network visibility and cybersecurity platform with streamlined workflows for threat detection and vulnerability management in operational technology environments. The latest updates include new local collector and file ingestion capabilities, expanding data collection options. The Dragos Platform integrates with Drags WorldView and Neighborhood Keeper to streamline vulnerability management … Read more
August 29, 2024 at 04:42AM Two major ICS/OT security firms made product announcements: Dragos released a platform to streamline threat and vulnerability workflows, enhancing asset inventory capabilities, and adding customizable filters for efficient asset data management. Nozomi Networks collaborated with Mandiant to enhance its threat intelligence and announced Vantage Threat Cards for quick access to … Read more
August 27, 2024 at 11:25AM Jon Clay reviews seven key initial attack vectors and provides proactive security tips to reduce cyber risk across the attack surface amid the rapid expansion of the digital attack surface due to digital transformation and remote work. The vectors include email, web and web applications, vulnerabilities, devices, island hopping, insider … Read more