D-Link Warns of RCE Vulnerability in Legacy Routers
D-Link this week issued an alert on a remote code execution (RCE) vulnerability affecting six router models that have been discontinued. The issue, which does not have a CVE identifier, is described as a buffer overflow that could be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable products. According to D-Link, all […]
CISA Warns of Progress Kemp LoadMaster Vulnerability Exploitation
CISA this week warned organizations that it’s aware of attacks exploiting a vulnerability in Progress Software’s Kemp LoadMaster. The product, an application delivery controller (ADC) and load balancer, is affected by a critical vulnerability tracked as CVE-2024-1212, which CISA has added to its Known Exploited Vulnerabilities (KEV) catalog. The flaw has been described as an […]
GitHub Launches Fund to Improve Open Source Project Security
Code-hosting platform GitHub on Tuesday announced a new effort to improve the security and sustainability of open source projects through financial help, education, certification, and more. The Microsoft-owned platform is now accepting applications for the GitHub Secure Open Source Fund, which launches with $1.25 million to be invested in 125 projects, and will leave applications […]
Cyera Raises $300 Million at $3 Billion Valuation
Data security company Cyera announced on Wednesday that it has raised $300 million in a Series D funding round. The latest investment, which brings the total raised by the firm since it was founded in 2021 to $760 million, was led by Accel and Sapphire Ventures, with participation from Sequoia, Redpoint, Coatue, and Georgian. “This […]
Oracle Patches Exploited Agile PLM Zero-Day
Oracle this week announced patches for a high-severity information disclosure vulnerability in Agile Product Lifecycle Management (PLM) that has been exploited in the wild. Tracked as CVE-2024-21287 (CVSS score of 7.5), the zero-day affects Agile PLM version 9.3.6 and can be exploited remotely without authentication. In its advisory, Oracle has credited Joel Snape and Lutz […]
Ford Blames Third-Party Supplier for Data Breach
Ford has completed an investigation launched after hackers claimed to have stolen customer information. Hackers named IntelBroker and EnergyWeaponUser claimed in a post on the BreachForums cybercrime forum on November 17 that they had obtained 44,000 Ford customer records, including names, physical addresses, and information on acquisitions. As SecurityWeek pointed out in its initial article, […]
CERT vs. CSIRT vs. SOC: What’s the difference?
CERT, CSIRT, CIRT and SOC are terms you’ll hear in the realm of incident response. In a nutshell, the first three are often used synonymously to describe teams focused on incident response, while the last typically has a broader cybersecurity and security scope. Still, terminology can be important. Inconsistent terminology can cause misunderstandings of what […]
Top 12 IoT security threats and risks to prioritize
IoT endpoints have become prime targets for hackers. In fact, Forrester Research concluded in its “The State of IoT Security, 2023” report that IoT devices were the most reported target for external attacks; they were attacked more than either mobile devices or computers. That’s not so surprising, given the challenges with securing an IoT ecosystem. […]
Risk assessment vs. threat modeling: What’s the difference?
Risk assessments and threat modeling enable organizations to learn how exposed they are to a successful attack. Both approaches are important, but understanding the differences between risk assessments and threat modeling requires that companies know what constitutes a risk and what constitutes a threat. And that requires a definition of vulnerability. A security vulnerability is some […]