CVE-2017-12292

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service a cloud-based service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...

CVE-2017-12323

The CVE-2017-12323 set concerns the Cisco Registered Envelope Service web interface. The connected documents confirm there are multiple XSS and redirect vulnerabilities in the service’s web UI due to insufficient validation of user-supplied input. Affected component: Cisco Registered Envelope Ser...

Implementing the CIS 20 Critical Security Controls: Slash Risk of Cyber Attacks by 85%

If a CISO needed to cut cyber attack risk by 85%, how would this security chief go about accomplishing that? Would the CISO even know where to begin? It’s safe to say that such a mandate would be considered daunting, and maybe even overwhelming. CISOs are scrambling to protect IT infrastructures...

Threatpost News Wrap Podcast for Nov. 10

Threatpost editors Mike Mimoso and Tom Spring discuss the week’s information security news, including Chris Valasek’s and Charlie Miller’s return to the security speaking rounds, a phony WhatsApp download pulled from Google Play, a deep dive into the recent cloud-based storage leaks, and the rece...

Carbon Black’s Vision for the Predictive Security Cloud

Earlier today, during a keynote address at Cb Connect, I unveiled our vision for the Cb Predictive Security Cloud™️. The first of its kind, the Cb Predictive Security Cloud is an extensible, cloud-based cyber security platform that helps anticipate and prevent future and unknown cyberattacks. The...

Gary McGraw on BSIMM8 and Software Security

Software security pioneer Gary McGraw talks to Mike Mimoso about the latest iteration of the Building Security In Maturity Model BSIMM report. BSIMM is a snapshot of how some of the world’s biggest tech companies and enterprises are handling secure development practices. Gary talks about some of...

Memory Corruption Vulnerability in 360 Antivirus

360 Antivirus is a free cloud-based security antivirus program. 360 Antivirus suffers from a memory corruption vulnerability. An attacker could exploit this vulnerability to cause the scanning engine to terminate, resulting in a denial of service...

FAQ: XenMobile Licensing Model

Question: What is difference between XenMobile MDM edition Licenses and Enterprise Edition Licenses? Answer: XenMobile MDM Edition Citrix XenMobile MDM edition is licensed under a per-user or per-device model. User licensing is based on how many unique users have registered devices on the...

New Dridex Phishing Campaign Delivers Fake Accounting Invoices

A new variant of the banking trojan Dridex is part of a sophisticated phishing attack targeting users of the cloud-based accounting firm Xero. The global campaign is the latest in what security experts at Trustwave said is a wave of phishing attacks against Xero and other financial and accounting...

An Established Solution for Mobile Threats

As much as smartphones and applications have evolved over the years, so has mobile malware. We’re seeing an increasing number of threats—from mobile ransomware and auto-clicking adware to dangerous backdoors that can compromise your privacy. And there are also legitimate personal applications tha...

Vision Critical Information Disclosure Vulnerability

Vision Critical is a cloud-based intelligent user management communication platform from Vision Critical Canada. A security vulnerability exists in versions of Vision Critical prior to 2014-05-30. An attacker could exploit the vulnerability to read arbitrary files...

Industrial Cobots Might Be The Next Big IoT Security Mess

Researchers at IOActive have found nearly 50 vulnerabilities in industrial collaborative robots, machines that work side-by-side with people in manufacturing and other settings, that can be abused to possibly cause physical harm to workers, or even configured to spy on their surroundings. The...

Heap Overflow Vulnerability in 360 Antivirus

360 Antivirus is a free cloud-based security antivirus program. 360 Antivirus suffers from a heap overflow vulnerability that can be exploited by an attacker to cause the scanning engine to terminate, resulting in a denial of service, or execute a remote code attack...

Carbon Blacking your sensitive data it’s what the agents normally do

But usually without such consequences. In this situation with Carbon Black, I am most interested in the actual reasons of all this media noise. From what point business as usual becomes a scandal. Ok, when you see Carbon Black customer's private files in public access at Virus Total it's a 100%...

A Leader for Four Consecutive Years in the Gartner Magic Quadrant for WAFs

Gartner has published their 2017 Magic Quadrant for Web Application Firewalls WAF and Imperva has again been named a WAF leader—now for four consecutive years. Attacks remain same, but infrastructure is changing According to 2017 Verizon Data Breach Investigations Report, web app attacks remain t...

Q&A: Conducting Cloud-Based Vendor Risk Audits With Qualys SAQ

Third-party security assessments drastically reduce your organization’s risk of suffering a data breach. When carried out properly, these assessments identify poor InfoSec and privacy practices among your vendors, partners, contractors, and other third parties with access to your IT systems and...

What is the hype around Firewall as a Service?

Admit it. Who would not want their firewall maintenance grunt work to go away? For more than 20 years, companies either managed their edge firewall appliances or had service providers rack-and-stack appliances in their data centers and did it for them. This was called a managed firewall — an...

Microsoft Adding Artificial-Intelligence Based Advanced Antivirus to Windows 10

Microsoft is making every effort to make its Windows operating system more secure and advanced than ever before by beefing up its security practices and hardening it against hackers and cyber attacks in its next release. With the launch of its Windows 10 Creator Update also known as RedStone 3,...

What’s new in Windows Defender ATP Fall Creators Update

When we introduced Windows Defender Advanced Threat Protection Windows Defender ATP, our initial focus was to reduce the time it takes companies to detect, investigate, and respond to advanced attacks. The Windows Fall Creators Update represents a new chapter in our product evolution as we offer ...

Akamai Launches New Solution to Help Enterprise Security Teams Address the Impact of Malware, Ransomware, and DNS-based Data Exfiltration

Today, we are proud to introduce Akamai Enterprise Threat Protector ETP. ETP is designed to provide customers quick-to-deploy and easy-to-manage cloud-based protection against the impact of complex, targeted threats such malware, ransomware, phishing, and DNS‑based data exfiltration. One...