Tuesday, July 15, 2025
Latest:

Security

Networkworld
TH Author

4 vulnerabilities and exposures affect Intel-based systems; Red Hat responds

Four vulnerabilities were publicly disclosed related to Intel microprocessors. These vulnerabilities allow unprivileged attackers to bypass restrictions to gain read access to privileged memory. They include these common vulnerabilities and exposures (CVEs):
CVE-2018-12126 – a flaw that could lead to information disclosure from the processor store buffer
CVE-2018-12127 – an exploit of the microprocessor load operations that can provide data to an attacker about CPU registers and operations in the CPU pipeline
CVE-2018-12130 – the most serious of the three issues and involved the implementation of the microprocessor fill buffers and can expose data within that buffer
CVE-2019-11091 – a flaw in the implementation of the “fill buffer,” a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache

[ Also read: Linux hardening: a 15-step checklist for a secure Linux server ]
Red Hat customers should update their systems
Security updates will degrade system performance, but Red Hat strongly suggests that customers update their systems whether or not they believe themselves to be at risk.To read this article in full, please click here READ MORE HERE…

Read More
TrendMicro
TH Author

This Week in Security News: Skimming Attacks and Ransomware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how credit card skimming attacks can impact businesses and how ransomware can use software installations to help hide malicious activities. Read on: Mirrorthief Group Uses Magecart…
The post This Week in Security News: Skimming Attacks and Ransomware appeared first on . Read More HERE…

Read More
Networkworld
TH Author

Cisco adds AMP to SD-WAN for ISR/ASR routers

Cisco has added support for Advanced Malware Protection (AMP) to its million-plus ISR/ASR edge routers, in an effort to reinforce branch and core network malware protection at across the SD-WAN.Cisco last year added its Viptela SD-WAN technology to the IOS XE version 16.9.1 software that runs its core ISR/ASR routers such as the ISR models 1000, 4000 and ASR 1000, in use by organizations worldwide. Cisco bought Viptela in 2017. 
More about SD-WAN
How to buy SD-WAN technology: Key questions to consider when selecting a supplier
How to pick an off-site data-backup method
SD-Branch: What it is and why you’ll need it
What are the options for security SD-WAN?

The release of Cisco IOS XE offered an instant upgrade path for creating cloud-controlled SD-WAN fabrics to connect distributed offices, people, devices and applications operating on the installed base, Cisco said. At the time Cisco said that Cisco SD-WAN on edge routers builds a secure virtual IP fabric by combining routing, segmentation, security, policy and orchestration.To read this article in full, please click here READ MORE HERE…

Read More
Networkworld
TH Author

Cisco releases a critical security patch for a virtualized automation tool

Cisco has released a  patch for a critical vulnerability in software used to control large virtual environments.The weakness gets a 10 out of 10 severity score and is found in Cisco’s Elastic Services Controller (ESC), which the company describes as offering a single point of control to manage all aspects of Virtual Network Functions and offers capabilities such as VM and service monitoring, auto-recovery and dynamic scaling. With ESC users control the lifecycle all virtualized resources, whether using Cisco or third-party VNFs, Cisco stated.RELATED: What IT admins love/hate about 8 top network monitoring tools
The vulnerability in this case lies in the REST API of ESC and could let  an unauthenticated remote attacker to bypass authentication on the REST API and execute arbitrary actions through with administrative privileges on an affected system. The vulnerability is due to improper validation of API requests, Cisco wrote in its advisory.To read this article in full, please click here READ MORE HERE…

Read More
TrendMicro
TH Author

Cybersecurity Leaders Are Talking A Lot About Counterfeit Devices

Malice Vs Greed Most discussion about security in the supply chain has been focused on detecting tampering, or preventing backdoors or sneaky things being inserted into components and software. There’s another aspect emerging and will dwarf the tampering: devices that are counterfeited for profit indirectly causing security problems. Counterfeit devices are ones that either by…
The post Cybersecurity Leaders Are Talking A Lot About Counterfeit Devices appeared first on . Read More HERE…

Read More
Networkworld
TH Author

10 Hot IoT security startups to watch

The internet of things is growing at breakneck pace and may end up representing a bigger economic shift in networking than the internet itself did, making security threats associated with the IoT a major concern.This worry is reflected by investments being made in startups that focus on stopping threats to the IoT, the industrial IoT (IIoT) and the operational technology (OT) surrounding them.To read this article in full, please click here(Insider Story) READ MORE HERE…

Read More
Networkworld
TH Author

Cisco issues critical security warning for Nexus data-center switches

Cisco issued some 40 security advisories today but only one of them was deemed “critical” – a vulnerability in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode data-center switch that could let an attacker secretly access system resources.The exposure, which was given a Common Vulnerability Scoring System importance of 9.8 out of 10, is described as a problem with secure shell (SSH) key-management for the Cisco Nexus 9000 that lets a remote attacker to connect to the affected system with the privileges of a root user, Cisco said.To read this article in full, please click here READ MORE HERE…

Read More
TrendMicro
TH Author

The Next Enterprise Challenge: How Best to Secure Containers and Monolithic Apps Together, Company-wide

Submitted by: Adam Boyle, Head of Product Management, Hybrid Cloud Security, Trend Micro When it comes to software container security, it’s important for enterprises to look at the big picture, taking into account how they see containers effecting their larger security requirements and future DevOps needs. Good practices can help security teams build a strategy that…
The post The Next Enterprise Challenge: How Best to Secure Containers and Monolithic Apps Together, Company-wide appeared first on . Read More HERE…

Read More
Networkworld
TH Author

How to shop for enterprise firewalls

Firewalls have been around for years, but the technology keeps evolving as the threat landscape changes. Here are some tips about what to look for in a next-generation firewall (NGFW) that will satisfy business needs today and into the future.Don’t trust firewall performance stats
Understanding how a NGFW performs requires more than looking at a vendor’s specification or running a bit of traffic through it. Most firewalls will perform well when traffic loads are light. It’s important to see how a firewall responds at scale, particularly when encryption is turned on. Roughly 80% of traffic is encrypted today, and the ability to maintain performance levels with high volumes of encrypted traffic is critical.To read this article in full, please click here READ MORE HERE…

Read More
Networkworld
TH Author

Does your cloud-access security broker support IPv6? It should.

Cloud access security brokers (CASB) insert security between enterprises and their cloud services by providing visibility and access control, but IPv6 could be causing a dangerous blind spot.That’s because CASBs might not support IPv6, which could be in wide corporate use even in enterprises that choose IPv4 as their preferred protocol. [ Related: What is IPv6, and why aren’t we there yet?
For example, end users working remotely have a far greater chance of connecting via IPv6 than when they are in the office.  Mobile providers collectively have a high percentage of IPv6-connected subscribers and broadband residential Internet customers often have IPv6 connectivity without realizing it.  Internet service providers and software-as-a-service (SaaS) vendors both widely support IPv6, so a mobile worker accessing, say, DropBox over a Verizon 4G wireless service might very well connect via IPv6.To read this article in full, please click here(Insider Story) READ MORE HERE…

Read More