New Cyberattack From Winter Vivern Exploits a Zero-Day Vulnerability in Roundcube Webmail

After reading the technical details about this zero-day that targeted governmental entities and a think tank in Europe and learning about the Winter Vivern threat actor, get tips on mitigating this cybersecurity attack. Continue reading New Cyberattack From Winter Vivern Exploits a Zero-Day Vulnerability in Roundcube Webmail

New Critical Zero-Day Vulnerability Affects Web UI of Cisco IOS XE Software & Allows Attackers to Compromise Routers

The number of devices exposing the web UI on the internet, a timeline and technical details about this malicious activity, and tips for mitigating this zero-day threat are featured. Continue reading New Critical Zero-Day Vulnerability Affects Web UI of Cisco IOS XE Software & Allows Attackers to Compromise Routers

Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targeting North America

Read the technical details about this zero-day MoveIT vulnerability, find out who is at risk, and learn how to detect and protect against this cybersecurity threat.
The post Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targetin… Continue reading Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targeting North America

Does Follina Mean It’s Time to Abandon Microsoft Office?

As a freelance writer, I spend most of my day working in Microsoft Word. Then, I send drafts to clients and companies across the globe. So, news of the newly discovered Microsoft Office vulnerability made me concerned about the possibility of accidentally spreading malware to my clients. I take extra precautions to ensure that I’m […]

The post Does Follina Mean It’s Time to Abandon Microsoft Office? appeared first on Security Intelligence.

Continue reading Does Follina Mean It’s Time to Abandon Microsoft Office?

Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them

You’d have to look far and wide to find an IT professional who isn’t aware of (and probably responding to) the Log4Shell vulnerability. The Operational Technology (OT) sector is no exception, yet the exact exposure the vulnerability poses to OT technology is yet to be fully uncovered.  The vulnerability was first made public earlier this […]

The post Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them appeared first on Security Intelligence.

Continue reading Log4Shell Vulnerability Risks for OT Environments — and How You Can Better Protect Against Them

How Log4j Vulnerability Could Impact You

If you hadn’t heard of Apache Log4j, chances are it’s on your radar now. In fact, you may have been using it for years. Log4j is a logging library. Imagine writing your daily activities into a notebook. That notebook is Log4j. Developers and programmers use it to take notes about what’s happening on applications and […]

The post How Log4j Vulnerability Could Impact You appeared first on Security Intelligence.

Continue reading How Log4j Vulnerability Could Impact You

Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform

In an age where organizations have established a direct dependence on software to run critical business operations, it’s fundamental that they are evaluating their software development lifecycles and that of their extended environment — third-party partners — against the same standards. Concerns around vulnerability management are gaining more government attention around the world in order […]

The post Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform appeared first on Security Intelligence.

Continue reading Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform

Zero Trust: What NIST’s Guidelines Mean for Your Resources

In May, The White House released an executive order on improving the nation’s cybersecurity. The order came with various directives for Federal Civilian Executive Branch agencies. Among other efforts, the order focused on the federal government’s advance toward zero trust architecture (ZTA). It framed this journey as one “which shall incorporate, as appropriate, the migration […]

The post Zero Trust: What NIST’s Guidelines Mean for Your Resources appeared first on Security Intelligence.

Continue reading Zero Trust: What NIST’s Guidelines Mean for Your Resources

The Truth About Zero-day Vulnerabilities in Web Application Security

Zero-Day Vulnerabilities are highly valued in legitimate bug bounty programs and have earned bounties of up to USD 2 million. Since no patches or fixes exist, 0-day attacks/exploits are highly.
The post The Truth About Zero-day Vulnerabilities in Web A… Continue reading The Truth About Zero-day Vulnerabilities in Web Application Security