Photos: RSA Conference 2022, part 3

RSA Conference 2022 is underway at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Part 1 of the photos is available here, and part 2 is here. Here are a few photos from the event, featur…

Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)

A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered by Rapid7 researcher Jake Baines and disclosed to Zyxel on April 13, it was f…

Microsoft Patch Tuesday, May 2022 Edition

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.

Vulnerabilities and cyberattacks that marked the year 2021

Rapid7 announced the release of a report examining the 50 most notable security vulnerabilities and high-impact cyberattacks in 2021. On any given day, security professionals must prioritize and address viable threats from an overwhelming number of rep…

Infosec products of the month: March 2022

Here’s a look at the most interesting products from the past month, featuring releases from: Actiphy, Anomali, AvePoint, Ciphertex Data Security, Contrast Security, CRITICALSTART, CybeReady, Dasera, Deepfence, Dtex Systems, Elastic, Endace, Enzoic, Ext…

New infosec products of the week: April 1, 2022

Here’s a look at the most interesting products from the past week, featuring releases from CRITICALSTART, MetricStream, Nebulon, Rapid7, SEON, and Veriff. Rapid7 introduces cloud workload protection in InsightCloudSec: Rapid7 announced new cloud workloa…

Spring4Shell: No need to panic, but mitigations are advised

Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began…

Microsoft Patch Tuesday, March 2022 Edition

Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users (that we know of), and relatively few “critical” fixes. And yet we know from experience that attackers are already trying to work out how to turn these patches into a roadmap for exploiting the flaws they fix. Here’s a look at the security weaknesses Microsoft says are most likely to be targeted first.

Microsoft Patch Tuesday, February 2022 Edition

Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month’s relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents.