RCE Vulnerability found in Cisco Small Business RV Series routers

Mar 22, 2022

On April 7th, Cisco released a security advisory announcing the discovery of a vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers that could allow an unauthenticated, remote attacker to execute arbitrary and potentially malicious code on affected devices.

This vulnerability is caused by improper validation of user-supplied input in the web-based management interface. A threat actor could exploit it by sending specially crafted HTTP requests to a targeted device. A successful exploit would allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.

At this time, Cisco has not released software updates that will address this vulnerability. There are also no known workarounds that address this vulnerability.

Historic White Hat Hacking Bounties and the Benefits of White Hat Hacking

Mar 21, 2022

2021 is on track to be one of the most significant years of all time for white hat hacking bounties paid out for efforts to identify bugs, secure digital infrastructure, and help public and private organizations become more secure in quickly changing digital environments.

In this article, we will cover everything you need to know about bug bounty programs in 2021 and why they can be such lucrative and tempting options for information security professionals.

2021 Cybersecurity Guide to Law Firm Data Security – Developing a More Resilient Posture to Emerging Cyber Threats

Mar 21, 2022

Read on to learn more about the steps law firms must take to develop a more resilient posture to emerging cyber threats.

Is It Time for Your Law Firm to Switch to Managed IT Services?

Mar 20, 2022

Learn about the importance of switching to managed IT services to build cyber resilience within your law firm.

Global Penetration Testing Industry Market Analysis: White Hat Hacking for Enhanced Digital Security

Mar 18, 2022

There has never been a time in global history when penetration testing was more important to governments and companies around the world.

In just the first 4 months of 2021, high-profile events such as the State Capitol Attack, SolarWinds attack, and Microsoft Exchange Data Breach have brought a renewed focus to the topic of cyber security by revealing how vulnerable physical and digital infrastructure can be in a rapidly evolving world.

In this article, we will explore the unique market dynamics driving the global penetration testing market and the immense opportunities available for white hat hackers to apply their skills and help secure our world.

Global Digital Transformation Means the World Needs Ethical Hackers More than Ever

Mar 11, 2022

Organizations worldwide are working to complete digital transformation initiatives. That means ethical hackers are needed now more than ever.

FBI and CISA Release Bulletin Citing Hackers’ On-Going Efforts to Exploit Fortinet Vulnerabilities

Feb 10, 2022

On Friday, April 2nd, the United States Federal Bureau of Investigation (FBI) and the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) released a joint bulletin titled “APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks,” announcing that they had observed advanced persistent threat (APT) actors scanning devices and seeking to exploit vulnerabilities in Fortinet’s FortiOS.

Part 2: Security Blind Spots: How Trust Concealed the SolarWinds Attack

Jan 14, 2022

The concept of trust is fundamental to cyber security. It is how cyber security professionals control access to private information. Trusted users and applications are allowed to access private information and those that are untrusted are not.

The SolarWinds attack demonstrated how this defense can be breached on an incredibly grand scale. Over 100 organizations were penetrated by Russian state hackers who surreptitiously inserted malware into trusted software. Prestigious U.S. government agencies and Fortune-ranked corporations blithely installed the Trojan horse in their networks because they trusted its source.

Part I: Security Blind Spots: How the Microsoft Exchange Hack Preys on SMBs

Jan 13, 2022

For most SMBs, email remains the lifeblood of business communications, carrying vital internal messages between employees, plus critical information needed externally by customers, suppliers and partners. A disruption to the organization’s email service can cause serious financial harm and damage to its brand.

Critical Vulnerabilities in Cisco SD-WAN vManage Software

Jan 10, 2022

On April 7th, Cisco confirmed the existence of multiple vulnerabilities in the Cisco SD-WAN vManage Software that can allow an unauthenticated, remote attacker to execute arbitrary and potentially malicious code, or allow a locally authenticated user to gain escalated privileges on affected systems.

For more information about the full scope of these vulnerabilities, refer to the official Cisco security advisory.

Cisco has released software updates that address and mitigate these vulnerabilities.

Microsoft Exchange Server Hacks: Everything You Need to Know

Jan 09, 2022

The 2021 Microsoft Exchange Data Breach could go down as the most significant cybersecurity moment of the 21st century.

Since January, more than 250,000 organizations around the world have been affected by a wave of cyber criminality that will likely cost trillions and take years to fully resolve. This event has exposed millions of users across digital networks to an ever-expanding range of threats that have once again placed the topic of cyber security at the top of agendas around the world.

Data Security Blind Spots Explained

Jan 07, 2022

Modern cybersecurity technologies are among the most advanced in the enterprise tech stack.

Despite these impressive advances, most organizations still suffer from data security blind spots in places their cloud-enabled security solutions should cover.

While IT professionals are quick to secure user accounts, monitor network traffic, and protect against email phishing, API security often remains one of the most overlooked areas of modern enterprise infrastructure.
