Category: Software Security Archives – Software Curated
Vulnerability in Cisco Smart Software Manager lets attackers change any user password
Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, including those of administrators with accounts, on Cisco Smart Software Manager On-Prem devices. The Cisco Smart Software Manager…
Cybersecurity strategies for protecting data against ransomware and other threats
Data volumes continue to expand at an exponential rate, with no sign of slowing down. For instance, IDC predicts that the amount of commercial data in storage will grow to 12.8 ZB by 2026. To watch 12.8 ZB worth of…
Biden administration bans Kaspersky software sales in US over national security concerns
Commerce Secretary Gina Raimondo didn’t mince words when explaining the rationale behind this step during a press briefing. “Russia has shown it has the capacity and the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal…
1Password unveils new sign-in experience and recovery codes feature
With Apple releasing its own Passwords app with iOS 18, 1Password wants to ensure it’s still the go-to option for everyone’s passwords, two-step verification codes, and other sensitive information stored with end-to-end cryptography. This is why the company is unveiling…
Bridging the gap between legacy tools and modern threats: Securing the cloud today
The cloud will become a cornerstone of enterprise operations as IDC estimates that by 2025, there will be over 750 million cloud-native applications globally. Additionally, over 90% of organizations anticipate employing a multi-cloud approach over the next few years. Considering…
Hackers exploited “Free VPN” to build massive fraud botnet, hit with US sanctions
The Treasury’s Office of Foreign Assets Control (OFAC) designated three individuals – Yunhe Wang, Jingping Liu, and Yanni Zheng – as the ringleaders of the 911 S5 botnet scheme. They also blacklisted three Thailand-based companies owned by Wang that were…
Delivering Software Securely: Techniques for Building a Resilient and Secure Code Pipeline
Data protection is a key component of cloud services, and code pipelines running on public clouds are no exception. Data protection is based on several basic principles designed to protect information from misuse, disclosure, alteration, and destruction. These principles are…
Apple updates its Platform Security Guide
It’s essential reading for IT admins, security researchers and anyone with an interest in Apple security, now updated for 2024. Apple’s head of security engineering and architecture, Ivan Krstić, this week announced the publication of what should be essential reading…
Microsoft Will Hold Executives Accountable for Cybersecurity
Microsoft will make organizational changes and hold senior leadership directly accountable for cybersecurity as part of an expanded initiative to bolster security across its products and services. Microsoft’s executive vice president of security, Charlie Bell, announced the plans in a…
Does cloud security have a bad reputation?
The recent discourse around the security of cloud computing in the banking sector, highlighted by Nicholas Fearn’s piece in the Financial Times, paints a somewhat grim picture of the cybersecurity landscape when it comes to banks moving to cloud computing.…
Cisco Launches A New AI-Focused Security Solution
According to a corporate news release, the software, named HyperShield, employs artificial intelligence (AI) to safeguard apps, devices, and data across public and private data centres, clouds, and physical locations. HyperShield is the company’s second acquisition after purchasing cybersecurity startup…
Application Security Optimised for Engineering Productivity
Laura Bell Main, author of Agile Application Security and founder of SafeStack, recently presented a webinar titled Decoding Dev Culture 2024, in which she provided a “from the ground view” of security in 2024. Drawing from her experience, and a…
Apple Warns Users in 92 Countries About Mercenary Spyware Attacks
Apple on Wednesday sent threat notifications to users in 92 countries warning that they may have been targeted by mercenary spyware attacks, likely because of who they are or what they do. According to TechCrunch, Apple sent the alerts to…
Feds say Microsoft security ‘requires an overhaul’ — but will it listen?
Microsoft AI-Driven Security Tool Copilot for Security is Now GA
Microsoft recently announced the general availability of Copilot for Security, a generative Artificial Intelligence (AI) security product designed to help security and IT teams with the capabilities to protect their digital assets. Copilot for Security’s general availability introduces several new…
Microsoft reveals how much Windows 10 Extended Security Updates will cost
In an official blog post, Microsoft announced that organizations will have three options to extend update support for Windows 10: the traditional 5-by-5 activation, Windows 365 subscription-based activation, and cloud-based activation. The first option will be available for $61 per device…
Microsoft unveils safety and security tools for generative AI
Microsoft is adding safety and security tools to Azure AI Studio, the company’s cloud-based toolkit for building generative AI applications. The new tools include protection against prompt injection attacks, detection of hallucinations in model output, system messages to steer models…
Robust remote access security for the utilities sector advances with Zero Trust
Infrastructure, specifically the utilities sector, must adopt a Zero Trust approach as ongoing cyberattacks by remote actors become more and more prevalent—threatening to disrupt everyday life. Cyberattacks on utilities more than doubled from 2020 to 2022. It’s likely the case…
Google Cloud Launches Security Command Center Enterprise
Google Cloud has launched Security Command Center (SCC) Enterprise, a cloud risk management solution that offers proactive cloud security with enterprise security operations. The solution helps customers manage and mitigate risk across multi-cloud environments and is enhanced by Mandiant expertise.…
Best Practices for AI Training Data Protection
With the rise of AI, data protection challenges are evolving in parallel with the emerging technologies to both threaten and protect an enterprise’s data assets. When training AI, the massive quantities of data utilized for AI models pose new and…
Enterprise Security Gets Personal: Enter the Human Firewall
Security professionals frequently use the “weakest link in a chain” adage as the basis for their approach to safeguarding their networks, corporate data, and enterprise IT resources. And in many cases, the weakest link that concerns them the most is…
5 tips for securing your remote workspace
Read our top tips on how employees can play a key role securing the enterprise when working remotely. Hybrid and remote working have become a permanent feature for the majority of businesses, as shown by multiple studies. However, for IT…
Antivirus Software: A Comprehensive Guide
There are several parallels between real viruses and computer viruses. Antivirus software, which offers comprehensive protection throughout the year, is essential for keeping your data and PCs safe from viruses and other dangers. Antivirus software may check for and eliminate…
Protecting against software supply chain attacks
Last year’s MOVEit and 3CX vulnerabilities offered a stark reminder of the risk software supply chain attacks pose today. Threat actors exploit vulnerabilities to infiltrate a software provider’s network and modify the software’s original functionality with malicious code. Once the…
Cisco Places Bet on AI Cloud Security with Isovalent Purchase
Network equipment giant Cisco on Thursday announced its next big cloud play with a plan to purchase open-source cloud networking and security firm Isovalent to boost its secure networking capabilities across public clouds. Cisco says its acquisition, expected to close…
Avira security software is causing Windows PCs to freeze up, and there’s no fix in sight
Over the past few days, many users have been pouring onto social media platforms and online message boards, complaining that their PC is freezing up randomly if they are running Avira as their AV software of choice. One affected user…
Meta releases open-source tools for AI safety
Meta has introduced Purple Llama, a project dedicated to creating open-source tools for developers to evaluate and boost the trustworthiness and safety of generative AI models before they are used publicly. Meta emphasized the need for collaborative efforts in ensuring…
Hackers stole ancestry data of 6.9 million users, 23andMe finally confirmed
It has now been confirmed that an additional 6.9 million 23andMe users had ancestry data stolen after hackers accessed thousands of accounts by likely reusing previously leaked passwords. 23andMe previously disclosed in a Securities and Exchange Commission filing that 0.1…
6 security best practices for cloud-native applications
The emergence of cloud-native architectures has dramatically changed the ways applications are developed, deployed, and managed. While cloud-native architectures offer significant benefits in terms of scalability, elasticity, and flexibility, they also introduce unique security challenges. These challenges often diverge from…
eBPF Kubernetes Security Tool Tetragon Improves Performance and Stability
Isovalent has announced the 1.0 release of Cilium Tetragon, their eBPF-based Kubernetes security observability and runtime enforcement tool. Policies and filters can be applied directly via eBPF to monitor process execution, privilege escalations, and file and network activity. Tetragon can…
Scaling security: How to build security into the entire development pipeline
When an application is finally ready for deployment, the last thing the development team wants to hear is: “Stop! There’s a security issue.” And then, after months of painstaking work, their application launch is delayed even further. That’s why Discover®…