Category Archives: attack

Transforming cybersecurity from reactive to proactive with attack path analysis

Posted on by

An attack path is important to prioritize potential risks in cloud environments. The attack path offers the ability to look at cloud environments from the attacker’s perspective. With today’s general awareness and concerted effort toward cybersec… Continue reading Transforming cybersecurity from reactive to proactive with attack path analysis

Apple news: iLeakage attack, MAC address leakage bug

Posted on by

On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. This time around, the updates did not garner as much attention as when they deliver a zero-day fix, though it has to be mention… Continue reading Apple news: iLeakage attack, MAC address leakage bug

“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day

Posted on by

Cisco has released the first fixes for the IOS XE zero-day (CVE-2023-20198) exploited by attackers to ultimately deliver a malicious implant. The fixes were made available on Sunday, but a curious thing happened the day before: several cybersecurity co… Continue reading “Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day

Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198)

Posted on by

A previously unknown vulnerability (CVE-2023-20198) affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today. About … Continue reading Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198)

Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487)

Posted on by

Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed HTTP/2 Rapid Reset. Decoding HTTP/2 Rapid Reset (CVE-2023-44487) In late August… Continue reading Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487)

Why zero trust delivers even more resilience than you think

Posted on by

Ten years ago, zero trust was an exciting, innovative perspective shift that security experts were excited to explore; today, it’s more likely to be framed as an inevitable trend than as a mere option on the security menu. At the same time, however, it… Continue reading Why zero trust delivers even more resilience than you think

Is your identity safe? Exploring the gaps in threat protection

Posted on by

A recent study from Silverfort has identified the identity attack surface as today’s most substantial weakness in cybersecurity resilience. Traditional approaches, such as MFA and PAM, have notable limitations that can lead to the exploitation of… Continue reading Is your identity safe? Exploring the gaps in threat protection

IEEE 802.11az provides security enhancements, solves longstanding problems

Posted on by

In this Help Net Security interview, Jonathan Segev, IEEE 802.11 Task Group (TG) Chair of next-generation positioning (TGaz) at IEEE, discusses IEEE 802.11az. The new standard will enable accuracy to less than 0.1 meters, which is a significant improve… Continue reading IEEE 802.11az provides security enhancements, solves longstanding problems