Autore: SecurityIT

Cisco Patches Critical Vulnerability in RCM for StarOS

Cisco on Tuesday announced patches for a critical vulnerability in the Redundancy Configuration Manager (RCM) for the StarOS software running on its ASR 5000 networking devices.

A Cisco proprietary node/network function, RCM delivers redundancy of StarOS-based user plane functions.

Seven Ways to Ensure Successful Cross-Team Security Initiatives

Many organizations have one or more strategic initiatives that involve a large amount of coordination and cooperation across functions and teams. In my experience, these cross-team initiatives are often the most challenging ones, while simultaneously being the most rewarding. There are a number of reasons why this is the case, though I’d like to take a look at a different angle in this piece.

Resurrected jQuery UI Library Haunts Websites, Enterprise Products

resurrected-jquery-ui-library-haunts-websites,-enterprise-products

Drupal developers this week informed users about several vulnerabilities discovered in a third-party library that was recently resurrected after it had apparently been discontinued.

Software Supply Chain Attacks Tripled in 2021: Study

2021 can be described as the year of the software supply chain attack – the year in which SolarWinds opened the world’s eyes, and the extent of the threat became apparent.

SolarWinds Patches Serv-U Vulnerability Propagating Log4j Attacks

SolarWinds this week released patches for a Serv-U vulnerability that Microsoft says has been abused for the propagation of Log4j attacks.

Data of 7 Million OpenSubtitles Users Leaked After Hack Despite Site Paying Ransom

data-of-7-million-opensubtitles-users-leaked-after-hack-despite-site-paying-ransom

OpenSubtitles Hack Shows Why Paying Ransom Offers No Guarantees

Popular subtitles website OpenSubtitles on Tuesday admitted that its systems had been hacked after the details of nearly seven million user accounts were leaked, despite the site allegedly paying a ransom to avoid this situation.

Red Cross Appeals to Hackers After Major Cyberattack

The International Committee of the Red Cross on Thursday made an appeal to hackers who seized a trove of private data, saying they were willing to speak “directly and confidentially” to those behind the cyberattack.

NSA Authorized to Issue Binding Operational Directives to Boost NSS Cybersecurity

nsa-authorized-to-issue-binding-operational-directives-to-boost-nss-cybersecurity

Biden signs cybersecurity national security memorandum

Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 97 Update

Google on Tuesday announced the release of 26 security patches as part of its latest Chrome update, including one for a critical-severity bug.

A total of 22 vulnerabilities addressed with the latest Chrome refresh were reported by external researchers, including one critical-severity, 16 high-severity, and five medium-severity issues.

Living Off the “Edge” of the Land

Edge-Access Trojans (EATs) allow attackers to collect data and even disrupt crucial decisions as the edge of the network