CISO Stressbusters: 7 tips for weathering the cybersecurity storms
An essential requirement of being a Chief Information Security Officer (CISO) is stakeholder management. In many organizations, security is still seen as a support function; meaning, any share of the budget you receive may be viewed jealously by other departments. Bringing change to an...
-0.6 AI Score
Disinformation Spurs a Thriving Industry as U.S. Election Looms
In the years since the 2016 U.S. Presidential Election, threat actors have pieced together a new playbook for sowing confusion and doubt within the American electorate. On Wednesday, researchers with Cisco Talos released a report [PDF] that details how a number of these new sophisticated campaigns....
-0.3 AI Score
Chris Vickery: AI Will Drive Tomorrow’s Data Breaches
From malicious hacks to accidental misconfigurations, Chris Vickery has seen it all. But as cybercriminals continue to innovate, Vickery, the director of risk research with UpGuard, said one emerging security threat will “blindside” the world: “fakeable” voices. More bad actors using artificial...
-0.5 AI Score
The SIP module of some Huawei products has a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the....
7.5 CVSS
7.7 AI Score
0.002 EPSS
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about two recently detected variants of existing Linux botnet malware types targeting exposed Docker servers. Also, read about a group.....
0.3 AI Score
About the security content of iOS 12.4 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
8.8 CVSS
0.1 AI Score
0.961 EPSS
About the security content of watchOS 5.3 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
8.8 CVSS
0.8 AI Score
0.961 EPSS
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
7.8 CVSS
0.6 AI Score
0.961 EPSS
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed...
7.5 CVSS
7.6 AI Score
0.004 EPSS
There is a denial of service (DoS) vulnerability in some Huawei products when handling TLS and DTLS handshakes with certificates. This VT has been deprecated and is therefore no longer...
5.3 CVSS
5.3 AI Score
0.002 EPSS
There is an uncontrolled format string vulnerability when the license module of some Huawei products outputs log information. This VT has been deprecated and is therefore no longer...
5.5 CVSS
5.5 AI Score
0.0004 EPSS
There is an input validation vulnerability in multiple Huawei products. This VT has been deprecated and is therefore no longer...
8.8 CVSS
8.9 AI Score
0.004 EPSS
Huawei Data Communication: RCE Vulnerability in Fastjson (huawei-sa-20191204-01-fastjson)
A remote code execution (RCE) vulnerability exists in the open-source JSON parsing library Fastjson. This VT has been deprecated and is therefore no longer...
8.2 AI Score
There is a weak algorithm vulnerability in some Huawei...
0.1 AI Score
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc...
9.8 CVSS
8 AI Score
0.911 EPSS
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256...
5.9 CVSS
7.1 AI Score
0.008 EPSS
There are two memory leak vulnerabilities in the XMLparser module of Huawei...
0.2 AI Score
Huawei Data Communication: DoS Vulnerability in Some Huawei Products (huawei-sa-20171202-01-pse)
There is a DoS vulnerability caused by memory exhaustion in some Huawei...
0.3 AI Score
0.0004 EPSS
There is a memory leak vulnerability in some Huawei...
5.5 CVSS
4 AI Score
0.0004 EPSS
There is a buffer overflow vulnerability in some Huawei...
5.3 CVSS
5.6 AI Score
0.001 EPSS
Some Huawei products have a weak cryptography...
9.8 CVSS
9.7 AI Score
0.004 EPSS
There is a resource exhaustion vulnerability on several...
5.3 CVSS
5.4 AI Score
0.002 EPSS
Huawei Data Communication: Side-Channel Vulnerability Variants 3a and 4 (huawei-sa-20180615-01-cpu)
Intel publicly disclosed new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and...
5.5 CVSS
7.7 AI Score
0.003 EPSS
There is a memory leak vulnerability in some Huawei...
3.3 CVSS
4 AI Score
0.0004 EPSS
There is an out-of-bounds read vulnerability in the H323 protocol of Huawei...
5.3 CVSS
5.3 AI Score
0.002 EPSS
Huawei Data Communication: CPU Side Channel Vulnerability L1TF (huawei-sa-20180815-01-cpu)
Intel and security researchers publicly disclosed three new CPU side-channel vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646). This VT has been deprecated and is therefore no longer...
6.4 CVSS
7.7 AI Score
0.002 EPSS
Huawei Data Communication: CPU Vulnerabilities 'Meltdown' and 'Spectre' (huawei-sa-20180606-01-cpu)
Security researchers disclosed two groups of CPU...
-0.1 AI Score
0.976 EPSS
There is an insufficient validation vulnerability in some Huawei...
5.9 CVSS
5.8 AI Score
0.001 EPSS
There is a weak algorithm vulnerability in some Huawei...
0.2 AI Score
0.002 EPSS
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack...
5.9 CVSS
6.6 AI Score
0.01 EPSS
There is a null pointer reference vulnerability in the PEM module of Huawei products due to insufficient...
5.5 CVSS
5.4 AI Score
0.0004 EPSS
Huawei Data Communication: Two Vulnerabilities in Some Huawei Products (huawei-sa-20171018-01-h323)
There is a DoS vulnerability in some Huawei...
6.5 CVSS
6.5 AI Score
0.001 EPSS
NERC CIP Compliance in Azure vs. Azure Government cloud
As discussed in my last blog post on North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) Compliance in Azure, U.S. and Canadian utilities are now free to benefit from cloud computing in Azure for many NERC CIP workloads. Machine learning, multiple data...
0.2 AI Score
5.3 CVSS
6.1 AI Score
0.001 EPSS