Security
Headlines
HeadlinesLatestCVEs

Source

DARKReading

US Ban on TP-Link Routers More About Politics Than Exploitation Risk

While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company's popular routers is more about geopolitics than actual cybersecurity — and that may not be a bad thing.

DARKReading
#vulnerability#windows#cisco#intel#backdoor#auth#zero_day
How Nation-State Cybercriminals Are Targeting the Enterprise

Combating nation-state threat actors at the enterprise level requires more than just cyber readiness and investment — it calls for a collaborative effort.

Managing Threats When Most of the Security Team Is Out of the Office

During holidays and slow weeks, teams thin out and attackers move in. Here are strategies to bridge gaps, stay vigilant, and keep systems secure during those lulls.

OT/ICS Engineering Workstations Face Barrage of Fresh Malware

Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes.

Fortinet Addresses Unpatched Critical RCE Vector

Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files.

Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2

A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.

Bridging the 'Keyboard-to-Chair' Gap With Identity Verification

Modern identity verification (IDV) approaches aim to connect digital credentials and real-world identity without sacrificing usability.

Vendors Chase Potential of Non-Human Identity Management

Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes — before attackers can intercept.

Malvertisers Fool Google With AI-Generated Decoy Content

Seemingly innocent "white pages," including an elaborate Star Wars-themed site, are bypassing Google's malvertising filters, showing up high in search results to lure users to second-stage phishing sites.

CISA Releases Draft of National Cyber Incident Response Plan

The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident.