Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

CVE-2024-3080: ASUS Warns Customers About the Latest Authentication Bypass Vulnerability Detected Across Seven Router Models

ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers to take control of the affected router models without needing any login credentials.

5 Key Insights From a Modern CISO Panel

Devo recently brought together an esteemed panel of modern CISOs to discuss the issues that matter most to them and their peers. Included in the panel were: It was a lively discussion that covered important topics around the evolution of one of the top security executive roles. Here are five of the key takeaways that bubbled up from the hour-long CISO panel.

Fireblocks x Cosmos: Exploring THORChain

THORChain is a network that facilitates native asset settlement between various blockchains including Bitcoin, Ethereum, BNB Chain, Cosmos, and more. Overall, THORChain aims to provide a seamless and efficient way for users to exchange assets across different blockchains while maintaining a high level of decentralization, security, and community participation.

How To Disable Your Browser-Based Password Manager

If you save your passwords in a browser password manager, your passwords may be at risk of becoming compromised. This is because browsers frequently remain logged in, meaning if someone gained access to your device they’d have access to all your stored passwords. Additionally, if your browser were to become compromised, everything stored in your browser would also be at risk of becoming compromised due to weak encryption standards.

What Are the Benefits of FedRAMP Certification in 2024?

FedRAMP, the federal risk and authorization management program, is a comprehensive and structured way to develop a security – mostly cybersecurity – position when working with the federal government. It’s a framework meant for contractors and third-party businesses that handle information for the government and who need to keep it secure. The question is, if you’re a cloud service provider, what are the benefits of implementing FedRAMP?

What I Did To Secure My Accounts After the Ticketmaster Breach

On May 20, 2024, Ticketmaster parent company Live Nation Entertainment launched an investigation after detecting unauthorized activity within a database containing company data. A week later, they were contacted by someone who threatened to sell their user data on the dark web. I, like many other Ticketmaster customers, became worried about my data, so I took immediate steps to protect myself. Here is what I did.

Learn about ISO 27001 Penetration Testing and its requirements

ISO 27001, the internationally recognised standard for information security management systems (ISMS), provides a framework for organisations to protect their valuable information assets. Penetration testing is crucial in preventing data breaches and maintaining the business’s reputation. ISO 27001 strongly recommends it as a critical tool for assessing an organisation’s security posture and ensuring compliance with control A.12.6.1, which focuses on managing technical vulnerabilities.

Weekly Cyber Threat Intelligence Summary

Welcome to this week’s Cyber Threat Intelligence Summary, where we bring you the latest updates and insights on significant cyber threats. This edition analyses cyberattacks related to a new malware campaign targeting Docker APIs, a Phishing-as-a-Service platform attacking Microsoft 365, and an analysis of the cyberespionage group UNC3886.

Why Vulnerability Scanning is an Offensive Security Program's Secret Weapon

Knowing what you don’t know is the key to keeping an organization safe, and the best method of doing so is an offensive security approach that includes vulnerability scanning. By being proactive, you can identify exploitable weaknesses in your own systems before malicious actors can. Here's why vulnerability scanning is an essential part of any offensive security solution: Vulnerability scanning is just one piece of the offensive security puzzle, but it's a crucial one.

PCI DSS Penetration Testing Guide

The Payment Card Industry Data Security Standard (PCI DSS) is a global cornerstone for safeguarding cardholder data. PCI DSS version 4.0, the most recent iteration, emphasises a dynamic, risk-based approach to security, compelling organisations to tailor their controls to their unique environments. PCI DSS penetration tests are crucial for meeting and maintaining security standards.