Silver Peak SD-WAN Bugs Allow for Network Takeover

Silver Peak’s Unity Orchestrator, a software-defined WAN SD-WAN management platform, suffers from three remote code-execution security bugs that can be chained together to allow network takeover by unauthenticated attackers. SD-WAN is a cloud-based networking approach used by enterprises and...

Nvidia Warns Windows Gamers of GeForce NOW Flaw

Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated privileges on affected devices. GeForce NOW is the brand used by Nvidia for its cloud-based gaming servic...

The Evolution of the Qualys Cloud Platform

The global pandemic has upended everything, and in the cyber security world in particular it has highlighted the need for organizations to have a cloud-based security and compliance platform, Qualys President and Chief Product Officer Sumedh Thakar said during his keynote Monday at the virtual QS...

If You Don't Have A SASE Cloud Service, You Don't Have SASE At All

The Secure Access Service Edge or SASE has been a very hot buzzword in the past year. A term and category created by Gartner 2019, SASE states that the future of networking and security lies in the convergence of these categories into a single, cloud-based platform. The capabilities that SASE...

If You Don't Have A SASE Cloud Service, You Don't Have SASE At All

The Secure Access Service Edge or SASE has been a very hot buzzword in the past year. A term and category created by Gartner 2019, SASE states that the future of networking and security lies in the convergence of these categories into a single, cloud-based platform. The capabilities that SASE...

CrimeOps of the KashmirBlack Botnet – Part I

Introduction Being in a research team exposes us to a variety of attacks on different platforms, of different types, scope, and volume. It also gives us the opportunity to select particularly interesting attacks that target our customers and to analyze them. This blog will give you a taste of the...

Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts

UPDATE Broadvoice, a well-known VoIP provider that serves small- and medium-sized businesses, has leaked more than 350 million customer records related to the company’s “b-hive” cloud-based communications suite. The data includes hundreds of thousands of voicemail transcripts, many involving...

What’s New in InsightIDR: Q3 2020 in Review

In July, we provided a rundown of what was new in InsightIDR, our cloud-based SIEM tool, from the first half of 2020 check out the blog post here for a recap. We’ve released some pretty great features and updates since then, so we thought it was time for another recap! This post offers a closer...

Security Takeaways from the Great Work-from-Home Experiment

As states deal with re-opening and in some cases, re-closing, the reality is that for many organizations, remote work will play a significant role in business through 2020 and beyond. And so will increased cybercriminal activity, as demonstrated by a 131 percent increase in viruses and about 600...

New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security

The importance of cybersecurity in facilitating productive remote work was a significant catalyst for the two years-worth of digital transformation we observed in the first two months of the COVID-19 pandemic. In this era of ubiquitous computing, security solutions don’t just sniff out threats,...

New Forrester study shows customers who deploy Microsoft Azure AD benefit from 123% ROI.

Over the past six months, organizations around the world have accelerated digital transformation efforts to rapidly enable a remote workforce. As more employees than ever access apps via their home networks, the corporate network perimeter has truly disappeared, making identity the control plane...

Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users

A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the...

Black Hat 2020: See you in the Cloud!

It hardly feels like summer without the annual trip to Las Vegas for Black Hat USA. With this year’s event being totally cloud based, we won’t have the chance to catch up with security researchers, industry partners, and customers in person, an opportunity we look forward to every year. We’ll sti...

Black Hat 2020: See you in the Cloud!

It hardly feels like summer without the annual trip to Las Vegas for Black Hat USA. With this year’s event being totally cloud based, we won’t have the chance to catch up with security researchers, industry partners, and customers in person, an opportunity we look forward to every year. We’ll sti...

Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates

With Business Email Compromises BECs showing no signs of slowing down, it is becoming increasingly important for security analysts to understand Office 365 O365 breaches and how to properly investigate them. This blog post is for those who have yet to dip their toes into the waters of an O365 BEC...

Critical Bugs in Utilities VPNs Could Cause Physical Damage

Remote code-execution vulnerabilities in virtual private network VPN products could impact the physical functioning of critical infrastructure in the oil and gas, water and electric utilities space, according to researchers. Researchers at Claroty found that VPNs used to provide remote access to...

IBM Verify Gateway (IVG) Sensitive Information Plaintext Storage Vulnerability

IBM Verify Gateway IVG is a cloud-based authentication solution from IBM in the United States. A security vulnerability exists in IBM Verify Gateway IVG versions 1.0.0 and 1.0.1, which stems from a program that allows sensitive information to be transmitted in clear text. An attacker could exploi...

IBM Verify Gateway (IVG) Sensitive Information Plaintext Transfer Disclosure Vulnerability

IBM Verify Gateway IVG is a cloud-based authentication solution from IBM in the United States. IBM Verify Gateway IVG suffers from a Sensitive Information Exposure by Plaintext Transfer vulnerability. The vulnerability stems from the program allowing the transmission of sensitive information in...

IBM Verify Gateway (IVG) User Credentials Plaintext Storage Vulnerability

IBM Verify Gateway IVG is a cloud-based authentication solution from IBM in the United States. A user credentials plaintext storage vulnerability exists in IBM Verify Gateway IVG. A local attacker could exploit this vulnerability to read user credentials...

IBM Verify Gateway (IVG) Hardcoded Credentials Vulnerability

IBM Verify Gateway IVG is a cloud-based authentication solution from IBM in the United States. A hard-coded credentials vulnerability exists in IBM Verify Gateway IVG. An attacker could exploit the vulnerability to obtain credentials such as passwords or encryption keys...