DLL Hijacking Vulnerability in CyberJournal PC Version

Xunfei Voice Notes is a comprehensive cloud-based note-taking software that focuses on voice input, produced by Xunfei. Xunfei Voice Notes for PC has a DLL hijacking vulnerability, which can be exploited by attackers to gain control of the server...

What’s New in InsightIDR: Q4 2020 in Review

Throughout the year, we’ve provided roundups of what’s new in InsightIDR, our cloud-based SIEM tool see the H1 recap post, and our most recent Q3 2020 recap post. As we near the end of 2020, we wanted to offer a closer look at some of the recent updates and releases in InsightIDR from Q4 2020...

The vulnerability of the cloud-based video editing, annotation, and format conversion application Adobe Prelude lies in the reading of data beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the cloud-based video editing, annotation, and format conversion application Adobe Prelude lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the context of the current...

Moderate: Red Hat Security Advisory: python-django-horizon security update

An update for python-django-horizon is now available for Red Hat OpenStack Platform 13 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

Threat and Vulnerability Management Best Practices

Today’s business world is increasingly driven by e-commerce and the cloud, which means it requires a proactive approach toward vulnerability management. After all, your company’s data—as well as your customers’—remains at risk to cybercriminals, which places the onus on you to protect your...

IoT security: how Microsoft protects Azure Datacenters

Azure Sphere first entered the IoT Security market in 2018 with a clear mission—to empower every organization on the planet to connect and create secure and trustworthy IoT devices. Security is the foundation for durable innovation and business resilience. Every industry investing in IoT must...

Why Replace Traditional Web Application Firewall (WAF) With New Age WAF?

At present, web applications have become the top targets for attackers because of potential monetization opportunities. Security breaches on the web application can cost millions. Strikingly, DNS Domain Name System related outage and Distributed denial of service DDoS lead a negative impact on...

Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut

Cybercriminals are embracing cloud-based services and technologies in order to accelerate their attacks on organizations and better monetize their wares, researchers have found. This is largely driven by cybercriminals who sell access to what they call “clouds of logs,” which are caches of stolen...

Silver Peak SD-WAN Bugs Allow for Network Takeover

Silver Peak’s Unity Orchestrator, a software-defined WAN SD-WAN management platform, suffers from three remote code-execution security bugs that can be chained together to allow network takeover by unauthenticated attackers. SD-WAN is a cloud-based networking approach used by enterprises and...

Nvidia Warns Windows Gamers of GeForce NOW Flaw

Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated privileges on affected devices. GeForce NOW is the brand used by Nvidia for its cloud-based gaming servic...

The Evolution of the Qualys Cloud Platform

The global pandemic has upended everything, and in the cyber security world in particular it has highlighted the need for organizations to have a cloud-based security and compliance platform, Qualys President and Chief Product Officer Sumedh Thakar said during his keynote Monday at the virtual QS...

If You Don't Have A SASE Cloud Service, You Don't Have SASE At All

The Secure Access Service Edge or SASE has been a very hot buzzword in the past year. A term and category created by Gartner 2019, SASE states that the future of networking and security lies in the convergence of these categories into a single, cloud-based platform. The capabilities that SASE...

If You Don't Have A SASE Cloud Service, You Don't Have SASE At All

The Secure Access Service Edge or SASE has been a very hot buzzword in the past year. A term and category created by Gartner 2019, SASE states that the future of networking and security lies in the convergence of these categories into a single, cloud-based platform. The capabilities that SASE...

CrimeOps of the KashmirBlack Botnet – Part I

Introduction Being in a research team exposes us to a variety of attacks on different platforms, of different types, scope, and volume. It also gives us the opportunity to select particularly interesting attacks that target our customers and to analyze them. This blog will give you a taste of the...

Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts

UPDATE Broadvoice, a well-known VoIP provider that serves small- and medium-sized businesses, has leaked more than 350 million customer records related to the company’s “b-hive” cloud-based communications suite. The data includes hundreds of thousands of voicemail transcripts, many involving...

What’s New in InsightIDR: Q3 2020 in Review

In July, we provided a rundown of what was new in InsightIDR, our cloud-based SIEM tool, from the first half of 2020 check out the blog post here for a recap. We’ve released some pretty great features and updates since then, so we thought it was time for another recap! This post offers a closer...

Security Takeaways from the Great Work-from-Home Experiment

As states deal with re-opening and in some cases, re-closing, the reality is that for many organizations, remote work will play a significant role in business through 2020 and beyond. And so will increased cybercriminal activity, as demonstrated by a 131 percent increase in viruses and about 600...

New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security

The importance of cybersecurity in facilitating productive remote work was a significant catalyst for the two years-worth of digital transformation we observed in the first two months of the COVID-19 pandemic. In this era of ubiquitous computing, security solutions don’t just sniff out threats,...

New Forrester study shows customers who deploy Microsoft Azure AD benefit from 123% ROI.

Over the past six months, organizations around the world have accelerated digital transformation efforts to rapidly enable a remote workforce. As more employees than ever access apps via their home networks, the corporate network perimeter has truly disappeared, making identity the control plane...

Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users

A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the...