The University of Michigan (UM) hosts more than 55,000 students, 35,000 staff members, and 640,000 alums. Unfortunately, following a recent cybersecurity breach, students, applicants, alums, employees, contractors, and donors may now have information at risk. The extent of the exposure is unknown, but the outcome could impact anyone. Those in association with UM must take steps to guard themselves before the assailants can misuse their information.

On October 26, 2023, F5 released security hotfixes for a critical unauthenticated RCE vulnerability (CVE-2023-46747) in BIG-IP’s Traffic Management User Interface (TMUI). If successfully exploited a threat actor with network access to the vulnerable system could bypass the configuration utility authentication and execute arbitrary system commands. CVE-2023-46747 is exploitable if the Traffic Management User Interface is exposed to the Internet.

StackPath announced the discontinuation of its WAF and CDN product lines, redirecting its focus towards a cloud computing platform at the internet’s edge. As a result, the WAF service will cease operations on November 22, 2023.

Zeek® is the world’s most widely used network security monitoring platform and is the foundation for Corelight network evidence. In this blog I share how to write a Zeek package in TypeScript with a new capability called ZeekJS that was released as part of Zeek 6.0.

Fortified network security requires getting a variety of systems and platforms to work together. Security teams need to scan for potential threats, look for new vulnerabilities in the network, and install software patches in order to keep these different parts working smoothly. While small organizations with dedicated cybersecurity teams may process these tasks manually at first, growing audit demands will quickly outpace their capabilities.

The growing network perimeter is a fact of life. Attacks on corporate networks can take many forms, such as viruses, backdoors, denial of service (DoS) attacks, macros, remote logins, phishing emails, social engineering, and spam. In this evolving threat landscape, firewalls continue to play a key role in securing our networks and devices.

The main reasons internet users choose to use a virtual private network (VPN) are to protect their online identity and bypass geo-restrictions. Cybercrime is on the rise and is expected to grow each year – the largest breach of 2023 so far occurred on Twitter. For those who reside in countries where internet freedom is lacking, a VPN is necessary to access certain content, and privacy is crucial. The rise in cybercrime has resulted in increased supply and demand in the VPN market.