Supply chain attacks are increasing. According to KPMG, 73 percent of organizations have experienced at least one significant disruption from a third-party in the last three years. These findings underscore the imperative of implementing a supply chain risk management program. But as your vendor portfolio grows, assessing your vendors for cyber risk can seem daunting and raises many questions.

On October 4, 2023, Atlassian issued a security advisory revealing potential active exploitation of a previously unknown vulnerability (CVE-2023-22515, CVSS: 10) affecting Confluence Data Center and Server instances that are on-premises. This vulnerability can enable an unauthenticated, anonymous remote threat actor to escalate privileges by creating unauthorized Confluence administrator accounts and accessing Confluence instances across multiple versions of Confluence Data Center and Server.

On October 4, 2023, Cisco published a security advisory disclosing a critical authentication bypass vulnerability (CVE-2023-20101, CVSS: 9.8) in Cisco Emergency Responder. CVE-2023-20101 allows an unauthenticated, remote threat actor to utilize the root account (this account by default has hard coded credentials that cannot be altered) to log into an affected device.

If routing traffic on your network, managing cloud-based software-as-a-service (SaaS) applications, or general cloud connectivity is becoming more difficult for your IT team to manage, you may be ready for a software-defined wide area network (SD-WAN). SD-WAN is powerful networking tool that can help you centrally manage your traffic flow, independent of the underlying hardware on your network.

Staying ahead of cyberattacks and strengthening your organization’s defenses doesn’t happen overnight and can be hard to accomplish without the right tools and cyber strategies. SecurityScorecard’s Threat Intelligence team hosted a webinar that highlights the importance of threat exposure management, its latest trends, and how to implement this framework into an organization’s cybersecurity plan.

It is notoriously difficult to detect a man-in-the-middle attack. However, these attacks do have some subtle signs, including landing on obviously fake websites and your internet connection mysteriously becoming unreliable. Additionally, man-in-the-middle attacks often happen on open, unencrypted public networks, so it’s very important to be aware of your online environment at all times.

CurrentWare version 9.0.1 is here! This update brings a streamlined Access Code Generator process for AccessPatrol, Bulk URL Reclassification for BrowseReporter and BrowseControl, and new security and quality-of-life updates to the CurrentWare Suite. As always, we recommend keeping your CurrentWare deployment up-to-date to take advantage of the latest functionality, stability, and security developments.

Shadow PC is a Paris-based gaming host with thousands of clients in Europe and the US. Shadow’s service allows video games with high resource consumption to run on old software; this is made possible by Shadow’s ability to open a virtual computer. The virtual computer takes the onus of running games, allowing even incompatible computers to run game software. Shadow PC’s services are cloud-based, which should allow up to 100,000 users to play on their servers simultaneously.

Historically, data center servers have used motherboards that included all key components on a single circuit board. The DC-SCM (Datacenter-ready Secure Control Module) decouples server management and security functions from a traditional server motherboard, enabling development of server management and security solutions independent of server architecture.