Shifting the focus from reactive to proactive, with human-led secure coding

The same 10 software vulnerabilities have caused more security breaches in the last 20+ years than any others. And yet, many businesses still opt for post-breach, post-event remediation, muddling through the human and business ramifications of it all. But now, a new research study points to a new...

RMM software: What is it and do you need it?

As cybersecurity products evolve to better protect against new forms of malware, trickier evasion techniques, and more organized cybercrime campaigns, the practice of cybersecurity evolves, too, providing simple, streamlined methods to manage hundreds of endpoints through one tool: RMM software...

Defeating the Pirates

In Akamai's paper, "Inside the World of Video Pirates," we discovered why digital intellectual property theft aka "piracy" is possibly the most misunderstood form of cybercrime facing the TV, sports, and film industries. The paper explored how piracy strategically impacts the industry, how the...

How to Conduct Vulnerability Assessments: An Essential Guide for 2021

Hackers are scanning the internet for weaknesses all the time, and if you don't want your organization to fall victim, you need to be the first to find these weak spots. In other words, you have to adopt a proactive approach to managing your vulnerabilities, and a crucial first step in achieving...

Women in Security Part 6: Meet Nandini De, Director of Engineering

This post is part of our Women’s History Month series - follow along with us on Twitter @VMwareCarbonBlack To conclude Women’s History Month, we are thrilled to bring you the last spotlight of our Women in Security series. It’s been an honor to highlight the outstanding women in the VMware Securi...

Microsoft Offers Up To $30K For Teams Bugs

Microsoft wants to send the message the company is serious about the security of its popular Teams desktop application and it’s willing to put some cash behind the talk. A new bug-bounty program offers up to $30,000 for security vulnerabilities, with top payouts going to those with the most...

Cybersecurity Bug-Hunting Sparks Enterprise Confidence

Nearly three-quarters of IT security professionals 73 percent surveyed say they prefer to buy technology and services from vendors who are proactive about security, including leveraging ethical hacking and having transparent communications about vulnerabilities. But less than half of vendors...

Dell SupportAssist for Home PCs and Dell SupportAssist for Business PCs code issue vulnerability

Dell SupportAssist for Business PCs is a client application for enterprise PCs. Dell SupportAssist for Home PCs is a client application for home PCs that provides automated, proactive and predictive techniques for troubleshooting and more. Dell SupportAssist for Home PCs and Dell SupportAssist fo...

Sensor Architecture Can Help Keep Us Up and Running: Part 1

In the constant press of rolling out ever better products and services to our customers, it can be easy-- and often necessary-- to fall into a reactive mode around reliability...

Turning the page on Solorigate and opening the next chapter for the security community

The recent SolarWinds attack is a moment of reckoning. Today, as we close our own internal investigation of the incident, we continue to see an urgent opportunity for defenders everywhere to unify and protect the world in a more concerted way. We also see an opportunity for every company to adopt...

CVE-2021-22984

CVE-2021-22984 affects F5 BIG-IP ASM/Advanced WAF Bot Defense open redirection. Affected: BIG-IP with Bot Defense or DoS profiles may redirect unauthenticated requests to a malicious URI, producing HTTP 307 redirects. Impact: potential phishing or credential theft through unexpected redirects. Af...

CVE-2021-22984

On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM...

F5 Networks BIG-IP : BIG-IP ASM Bot Defense open redirection vulnerability (K33440533)

When receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense versions prior to 14.1.0, or a Bot Defense profile versions 14.1.0 and later, may subject clients and web servers to...

What tracking an attacker email infrastructure tells us about persistent cybercriminal operations

From March to December 2020, we tracked segments of a dynamically generated email infrastructure that attackers used to send more than a million emails per month, distributing at least seven distinct malware families in dozens of campaigns using a variety of phishing lures and tactics. These...

What tracking an attacker email infrastructure tells us about persistent cybercriminal operations

From March to December 2020, we tracked segments of a dynamically generated email infrastructure that attackers used to send more than a million emails per month, distributing at least seven distinct malware families in dozens of campaigns using a variety of phishing lures and tactics. These...

Breaking Down Joe Biden's $10B Cybersecurity 'Down Payment'

President Joe Biden laid out a series of cybersecurity initiatives last week at his inauguration, including earmarking $10 billion for various cybersecurity defense initiatives. Those included hiring key security personnel to support for the Cybersecurity Infrastructure Security Agency CISA. The...

Taking a Neighborhood Watch Approach to Retail Cybersecurity

Every year retailers face a heightened level of risk during the online holiday shopping season. COVID-19 drastically shifted consumer buying behaviors, forcing retailers to accelerate digital transformation efforts to support an exponentially higher number of online transactions. Projected U.S...

Simplifying Proactive Defense With Threat Playbooks

Security defense strategy can be extremely complex, with security teams grappling with tens of thousands of information points and evolving attacker techniques, said Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs. Derek Manky FortiGuard Labs has...

Azure File Sync Agent v11.1 Release – November 2020

Azure File Sync Agent v11.1 Release – November 2020 Introduction This article describes the improvements and issues that are fixed in the Azure File Sync Agent v11.1 release that is dated November 2020. Additionally, this article contains installation instructions for the update. Improvements and...

2021 Healthcare Cybersecurity Priorities: Experts Weigh In

Healthcare cybersecurity is in triage mode. As systems are stretched to the limits by COVID-19 and technology becomes an essential part of everyday patient interactions, hospital and healthcare IT departments have been left to figure out how to make it all work together, safely and securely. Most...