Security News

Over 100,000 Zyxel devices are potentially vulnerable to a secret backdoor caused by hardcoded credentials used to update firewall and AP controllers' firmware. Niels Teusink of Dutch cybersecurity firm EYE discovered a secret hardcoded administrative account in the latest 4.60 patch 0 firmware for some Zyxel devices.

Over 100,000 Zyxel devices are potentially vulnerable to a secret backdoor caused by hardcoded credentials used to update firewall and AP controllers' firmware. Niels Teusink of Dutch cybersecurity firm EYE discovered a secret hardcoded administrative account in the latest 4.60 patch 0 firmware for some Zyxel devices.

The United States Department of Homeland Security has published a guide to the terrifying risks that businesses will expose themselves to if they use tech created in the Peoples' Republic of China or engage in any business activity with the Middle Kingdom. The fifteen-page "Data Security Business Advisory" [PDF] opens by warning "Businesses expose themselves and their customers to heightened risk when they share sensitive data with firms located in the PRC, or use equipment and software developed by firms with an ownership nexus in the PRC.".

Challenges with Traditional WAF. We often hear from industry members who switched from traditional Web Application Firewall to next Gen WAF what made them switch. 1 - Application and Web Usage ControlApplication and web usage control answers the concern, what type of traffic is blocked? The WAF uses multiple identification categories to identify their exact identity of websites and applications crossing the network and determine how to treat them.

Kali Linux 2020.4 released: New default shell, fresh tools, and more!Offensive Security has released Kali Linux 2020.4, the latest version of its popular open source penetration testing platform. Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCsCisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive information on an affected system.

Tufin announced it will integrate with AWS Network Firewall, a new managed service that makes it easy to deploy essential network protections for all Amazon Virtual Private Clouds on Amazon Web Services, on-premise data centers and other cloud platforms for full visibility across the enterprise. "AWS is a very important cloud provider for our customers today and into the future, which is why we are excited to expand our collaboration and be a Launch Partner for AWS Network Firewall," said Pamela Cyr, Senior Vice President of Business and Corporate Development, Tufin.

The Firewall Manager is a centralised service for configuring firewalls across accounts and applications within an AWS user organisation, this being a way of managing multiple AWS accounts. The new AWS Network Firewall moves beyond the existing services by adding more intelligent rules using the open-source Suricata project for intrusion detection.

Amazon Web Services on Tuesday announced the general availability of AWS Network Firewall, a managed security service designed to help customers protect their virtual networks. AWS Network Firewall can easily be enabled from the AWS Console for specified virtual private cloud environments, and the company says there are no extra charges for users - customers pay for the service based on hours deployed and gigabytes processed.

Amazon Web Services announced the general availability of AWS Network Firewall, a new managed security service that makes it easier for customers to enable network protections across all of their AWS workloads. AWS provides protections to help customers secure their networks, such as AWS Web Application Firewall to protect internet-facing web applications, AWS Shield to safeguard against Distributed Denial of Service attacks, and AWS Firewall Manager which provides central management and visibility across all firewall controls on AWS. While these and other protections combine to provide highly secure and flexible layers of defense, many customers also want a simple way to apply and manage blanket network protections across all of their workloads.

Apple is facing the heat for a new feature in macOS Big Sur that allows many of its own apps to bypass firewalls and VPNs, thereby potentially allowing malware to exploit the same shortcoming to access sensitive data stored on users' systems and transmit them to remote servers. "Some Apple apps bypass some network extensions and VPN Apps," Maxwell tweeted.