Security Boulevard

DECEMBER 6, 2024

1 - Study: Security of open source software projects must improve Improperly secured developer accounts. Here are more details about the three key security issues identified in the study: To conduct their FOSS work, developers often use individual accounts, which typically lack the security protections of organizational accounts.

Cybersecurity 64

Cybersecurity VPN Ransomware Software 64

Duo's Security Blog

APRIL 20, 2023

Accounting for nearly a quarter of reported incidents in Australia, phishing is a broad category of social engineering with several variations. With Duo, the University team stood up integrations within days instead of the predicted weeks or months , protecting their apps and VPN. What is phishing?

Phishing 106

Phishing Social Engineering Authentication Engineering 106

Duo's Security Blog

FEBRUARY 4, 2025

It is the best defense against identity-based breaches, preventing over 99% of account compromise attacks. Webinar: CyberCube and Duo Security Answer Top Cyber Insurance Questions For more on what insurers look for, check out our ebook Cyber Liability Insurance for Small and Medium Businesses for the essentials.

Cyber Insurance 64

Cyber Insurance Insurance Authentication Risk 64

NopSec

FEBRUARY 28, 2024

The research team discovered that the users of Ghost CMS were granted the ability to upload an avatar to their account profile. The profile editor is a feature accessible to all users and provides a convenient means for less privileged accounts to target accounts with elevated privileges. CVE-2024-22107 (RCE) High Low 7.2

Authentication 59

Authentication Accountability Passwords Risk 59

McAfee

AUGUST 23, 2020

Remote users and branch offices were logically connected to this central network via technologies like VPN, MPLS, and leased lines, so the secure network perimeter could be maintained. While this approach sufficed for years, digital transformation has created major challenges. Click here to register.

Architecture 85

Architecture Digital transformation Internet Internet 85

NopSec

MAY 1, 2024

Palo Alto PanOS RCE CVE-2024-3400 It feels like the first quarter of 2024 has been defined by a string of SSL VPN command execution vulnerabilities and Palo Alto has jumped on the wagon. The analysis revealed that the SSL VPN end-point was shipped without disk encryption enabled, which made filesystem access trivial.

Firewall 59

Firewall VPN Software Authentication 59

NopSec

FEBRUARY 15, 2017

Attackers can then determine the IP range of their victim’s domains, WHOIS records which sometimes contain information on the technical contacts in the company, or subdomains that may contain the victim’s webmail portal, VPN login page, or a company’s Intranet.

Phishing 40

Phishing Social Engineering Engineering Healthcare 40

NopSec

APRIL 3, 2024

Fortinet FortiGate SSL VPN RCE CVE-2024-21762 I think SSL VPN RCE may be my favorite combination of acronyms. A researcher has found that Fortinet’s FortiGate SSL VPN is vulnerable to a pre-auth RCE vulnerability. Severity Complexity CVSS Score Critical Low 9.8 Systems Impacted: 7.2.0 through 7.2.2 through 7.0.10

VPN 45

VPN Authentication Architecture Software 45

NetSpi Executives

APRIL 27, 2024

Attempt access to file and SQL servers with privileged accounts. In general, the fewer assets you have exposed to the internet the better, so if it doesn’t need to be out there, remove it, and bring it inside your virtual private network (VPN). Search for sensitive data patterns across file servers and SQL Server databases.

Ransomware 52

Ransomware Cyber Insurance Backups Insurance 52

Webroot

OCTOBER 31, 2024

Steam the Webinar on demand HERE As we look back on the cybersecurity landscape of 2024, it’s clear that the world of digital threats continues to evolve at an alarming pace in parallel with AI. Enable Multi-Factor Authentication (MFA): Activate MFA on all accounts that offer it, preferably using authenticator apps or hardware keys.

Malware 112

Malware Ransomware Passwords Healthcare 112