Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

CVE-2024-20439 & CVE-2024-20440: Critical Cisco Smart Licensing Utility Vulnerabilities

On September 4, 2024, Cisco released fixes for two critical vulnerabilities in Cisco Smart Licensing Utility (CSLU), a tool used to manage licenses across Cisco products in a network. Cisco has stated that these vulnerabilities are only exploitable if the Smart Licensing Utility is actively running and has been started by a user. Note: These vulnerabilities do not impact Cisco’s Smart Software Manager On-Prem or Satellite.

CVE-2024-7261: Critical OS Command Injection Vulnerability in Zyxel APs and Security Routers

On September 3, 2024, Zyxel released patches for a critical OS command injection vulnerability, identified as CVE-2024-7261, affecting Access Points (APs) and security routers. This vulnerability stems from improper handling of special elements in the “host” parameter within the CGI program of certain AP and router versions, potentially allowing an unauthenticated attacker to execute OS commands by sending a specially crafted cookie to the vulnerable device.

Key considerations for digital asset startups: Custody and beyond

Blockchain technology continues to grow in prominence, and as it expands, a wide range of businesses are looking to develop digital asset products. At the same time, many startups are launching with digital assets at the center of their businesses. If you are running a digital asset business or building a blockchain product, it’s important to consider what type of custody management solution will best support your business.

A Comprehensive Guide to X-Powered-By Header

An X-Powered-By header is a type of HTTP response in the header field (most headers prefixed with an ‘X-‘ are non-standard) that informs the user which technology stack or framework is running on the web server. For example, if a web server is running Node.js, the header would be “X-Powered-By:Express”, which indicates an Express framework is being used.

Lost in Translation: Vulnerability Management Communication Gaps

Vulnerability management is absolutely critical to protecting an organization’s IT and cloud infrastructure, systems, or applications from incoming threats. The ability to remediate the most relevant vulnerabilities quickly is the only way to keep your perimeter safe. Yet, security teams struggle with managing vulnerabilities. Why? At the core lies a fundamental communication and collaboration problem.

Phishing is Still the Top Initial Access Vector

Phishing remains a top initial access vector for threat actors, according to researchers at ReliaQuest. Phishing and other social engineering tactics can bypass security technologies by targeting humans directly. “The enduring dominance of phishing as an initial access technique underscores its effectiveness and persistence in the face of cybersecurity advancements and more sophisticated methodologies,” the researchers write.

Cyber security measures for small and medium enterprises (SMEs)

The risk of cyber attacks for companies is increasing and can significantly disrupt their operations, have negative financial consequences and damage their reputation. Small and medium enterprises (SMEs) are especially vulnerable to these attacks due to limited resources and a lack of cyber security expertise. Understanding the significance of cyber security is crucial for protecting sensitive data and ensuring business continuity.