Network Security
Network Security | News, how-tos, features, reviews, and videos
JSON-based SQL injection attacks trigger need to update web application firewalls
Newly discovered method uses JSON syntax to deliver malicious payloads that bypass SQLi protections in popular WAFs.
Microsoft's rough 2022 security year in review
The ubiquity of Microsoft technology in organizations big and small make it a target for attack. These are the most important vulnerabilities and fixes from 2022 that admins need to know.
Flaws in MegaRAC baseband management firmware impact many server brands
The newly discovered vulnerabilities could allow attackers to gain control of servers that use AMI's MegaRAC BMC firmware.
Action1 launches threat actor filtering to block remote management platform abuse
Action1 says remote management platform can now identify and terminate any attempt at misuse by attackers.
The cybersecurity challenges and opportunities of digital twins
The virtual representation of objects or systems through digital twins provide organizations greater insight into their assets but it can also invite malicious actors.
UK finalizes first independent post-Brexit data transfer deal with South Korea
UK organizations will be able to securely transfer personal data to the Republic of Korea without restrictions by the end of 2022.
How remote working impacts security incident reporting
Security teams must update their security incident reporting policies and processes to account for remote work or risk exposure to increased threats.
Almost half of customers have left a vendor due to poor digital trust: Report
New research from DigiCert has found that digital trust is a key driver of customer loyalty, with 84% of customers saying they would consider leaving a vendor that did not manage digital trust.
Noname Security releases Recon attack simulator
API-focused Noname Security launched an attack simulator designed to feign an external, malicious attack.
Palo Alto releases PAN-OS 11.0 Nova with new evasive malware, injection attack protection
Web proxy support and SaaS security posture management (SSPM) are among new Nova security features designed to help businesses tackle zero-day threats.
XDR: Still confusing after all these years
It’s time to stop debating about what XDR is and focus on how it fits in a security operations center modernization strategy.
Global 2000 companies failing to adopt key domain security measures
Lookalike domains are targeting Forbes Global 2000 brands to launch phishing attacks and other forms of digital brand abuse/IP infringement.
Researchers show techniques for malware persistence on F5 and Citrix load balancers
Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.
![A hand flicks on an update switch. [ software update / fix / patch ]](https://images.idgesg.net/images/article/2020/08/hand_flicks_on_update_switch_software_update_fix_patch_by_stadtratte_gettyimages-1140137377_2400x1600-100854510-small.3x2.jpg?auto=webp&quality=85,70)
Why it's time to review your Microsoft patch management options
Microsoft does not appear to be updating Windows Software Update Services, but newer patch management options might be a better choice.
The 15 biggest data breaches of the 21st century
Data breaches affecting millions of users are far too common. Here are some of the biggest, baddest breaches in recent memory.
Netacea launches malicious bot intelligence service to help customers tackle threats
Vendor says new service will offer insights into bot security threats and remediation advice based on marketplace research and dark web chatter.
OpenSSL project patches two vulnerabilities but downgrades severity
The two vulnerabilities in OpenSSL 3.0 are now rated as high rather than critical severity after further testing.
Tips on securing IoT devices gleaned from enterprises that use them
IoT devices pose significant threats to enterprises because of lack of visibility into what devices are on enterprise networks and inadequate use of monitoring tools to watch for malicious behaviors.
Attackers switch to self-extracting password-protected archives to distribute email malware
This variation on an old technique does not require the victim to provide a password to execute the malware.
