Author: DEFENDEDGE

We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll! Read more

Attackers that previously targeted the cloud platform provider have shifted their focus to additional products in the company’s portfolio. Read more

Original release date: December 2, 2021 CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability—CVE-2021-44077—in Zoho ManageEngine ServiceDesk Plus. CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects all ServiceDesk Plus versions up to, and including, version 11305.  This vulnerability was addressed by the… Read more

Original release date: December 2, 2021 Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI) and… Read more

Original release date: December 2, 2021 CISA has announced the joint National Security Agency (NSA) and CISA publication of the third of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part III: Data Protection examines security during all phases of the data lifecycle—in transit, in use, and at rest. The guidance focuses on protecting the confidentiality,… Read more

Original release date: December 2, 2021 Mozilla has released security updates to address a vulnerability in Network Security Services (NSS).  An attacker could exploit this vulnerability to take control of an affected system.   CISA encourages users and administrators to review the Mozilla Security Advisory for NSS and apply the necessary update.  This product is provided… Read more

The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts. Read more

Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing. Read more

Original release date: December 1, 2021 CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the… Read more

The insurer won’t pay for ‘acts of cyber-war’ or nation-state retaliation attacks.    Read more