Security News
ISARA launched ISARA Advance Crypto Agility Suite, an enterprise solution that allows organizations to discover their cryptographic blind spots and equips them to take action against the looming threat of encryption-breaking quantum computers. Revealing what lurks within organizations' information security infrastructures forms the foundation of cryptographic agility and risk management.
Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses impact routers running firmware versions prior to v1.0.0.60, and were fixed by the company in December 2020 as part of a coordinated vulnerability disclosure process.
UPDATE. A proof-of-concept for a critical Windows security vulnerability that allows remote code execution was dropped on GitHub on Tuesday - and while it was taken back down within a few hours, the code was copied and is still out there circulating on the platform. The bug exists in the Windows Print Spooler and has been dubbed "PrintNightmare" by researchers.
CVE-2021-1675, a Windows Print Spooler vulnerability that Microsoft patched in June 2021, presents a much greater danger than initially thought: researchers have proved that it can be exploited to achieve remote code execution and - what's worse - PoC exploits have since been leaked. The Windows Print Spooler is an application / interface / service that interacts with local or networked printers and manages the printing process.
How are you dynamically provisioning access for temporary workers? How are you managing privileged access? The challenges in terms of risky account discovery and clean-up, risk-based access certifications, as well as risk-based authentication have become a critical area for our customers. The next critical customer goal is around detecting and preventing insider threats.
Pling presents itself as a marketplace for creative folk to upload Linux desktop themes and graphics, among other things, in the hope of making a few quid from supporters. It comes in two parts: code needed to run your own bling bazaar, and an Electron-based app users can install to manage their themes from a Pling souk.
The Joint Cyber Unit will create more situational awareness and guarantee preparedness for large-scale cybersecurity crises. In the EU, this has taken the form of a new Joint Cyber Unit, situated next to ENISA's offices in Brussels.
VMware has fixed an uber-severe bug in its Carbon Black App Control management server: a server whose job is to lock down critical systems and servers so they don't get changed willy-nilly. Besides the authentication-bypass fix, VMware also published a security advisory for a high-risk bug in VMware Tools, VMware Remote Console for Windows, and VMware App Volumes products.
VMware this week announced the availability of patches for an authentication bypass vulnerability in VMware Carbon Black App Control running on Windows machines. Carbon Black App Control is designed to improve the security of servers and other critical systems by locking them down to prevent unauthorized tampering.
Register for this upcoming webinar to learn how to reduce risk with integrated endpoint-to-cloud security. Currently, security from endpoints to the cloud involves multiple standalone tools that solve specific problems.