Network Security

NEWS 
  • Sophos patches critical remote code execution vulnerability in Firewall

    March 28, 2022

    Sophos has patched a remote code execution (RCE) vulnerability in the Firewall product line. Sophos Firewall is an enterprise cybersecurity solution that can adapt to different networks and environments. Firewall includes TLS and encrypted network traffic inspection, deep packet inspection, sandboxing, intrusion prevention systems (IPSs), and visibility features for detecting suspicious and malicious network activity. Read more… Source: ...

  • Cyclops Blink Sets Sights on Asus Routers

    March 18, 2022

    Cyclops Blink, an advanced modular botnet that is reportedly linked to the Sandworm or Voodoo Bear advanced persistent threat (APT) group, has recently been used to target WatchGuard Firebox devices according to an analysis performed by the UK’s National Cyber Security Centre (NCSC). Trend Micro researchers acquired a variant of the Cyclops Blink malware family that ...

  • ISC Releases Security Advisories for BIND

    March 17, 2022

    The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following ISC advisories and apply the necessary updates or workarounds. CVE-2021-25220 CVE-2022-0396 CVE-2022-0635 CVE-2022-0667 Read more… Source: U.S. Cybersecurity and ...

  • CISA: Strengthening Cybersecurity of SATCOM Network Providers and Customers

    March 17, 2022

    CISA and the Federal Bureau of Investigation (FBI) are aware of possible threats to U.S. and international satellite communications (SATCOM) networks. Successful intrusions into SATCOM networks could create additional risk for SATCOM network customer environments. In response, CISA and FBI have published joint Cybersecurity Advisory (CSA) Strengthening Cybersecurity of SATCOM Network Providers and Customers, which provides ...

  • Deep dive: Vulnerabilities in ZTE router could lead to complete attacker control of the device

    March 7, 2022

    Cisco Talos’ vulnerability research team disclosed multiple vulnerabilities in the ZTE MF971R wireless hotspot and router in October. Several months removed from that disclosure and ZTE’s patch, researchers decided to take an even closer look at two of these vulnerabilities — CVE-2021-21748 and CVE-2021-21745 — to show how they could be chained together by an ...

  • National Security Agency Cybersecurity Technical Report: Network Infrastructure Security Guidance

    March 4, 2022

    Guidance for securing networks continues to evolve as new vulnerabilities are exploited by adversaries, new security features are implemented, and new methods of securing devices are identified. Improper configuration, incorrect handling of configurations, and weak encryption keys can expose vulnerabilities in the entire network. All networks are at risk of compromise, especially if devices are not properly ...

  • NATO Cyber Security Centre experiments with secure network capable of withstanding attack by quantum computers

    March 2, 2022

    Scientists have predicted that quantum computers will one day be able to break some commonly used encryption methods. That’s why NATO and Allies are already testing post-quantum solutions. The NATO Cyber Security Centre (NCSC) has successfully tested secure communication flows in a post-quantum world using a Virtual Private Network (VPN) provided by the United Kingdom-based company Post-Quantum. ...

  • CISA Compiles Free Cybersecurity Services and Tools for Network Defenders

    February 18, 2022

    CISA has compiled and published a list of free cybersecurity services and tools to help organizations reduce cybersecurity risk and strengthen resiliency. This non-exhaustive living repository includes services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community. Before turning to ...

  • Singapore to build quantum-safe network for critical infrastructure trials

    February 17, 2022

    Singapore is aiming to build a quantum-safe network that it hopes will showcase “crypto-agile connectivity” and facilitate trials with both public and private organisations. The initiative also includes a quantum security lab for vulnerability research. The three-year initiative is led by the Quantum Engineering Programme (QEP), with SG$8.5 million ($6.31 million) set aside to fund its ...

  • Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa

    February 11, 2022

    Critical security vulnerabilities in Moxa’s MXview web-based network management system open the door to an unauthenticated remote code execution (RCE) as SYSTEM on any unpatched MXview server, researchers warned this week. The five bugs, affecting versions 3.x to 3.2.2, score a collective 10 out of 10 on the CVSS vulnerability-severity scale, according to Claroty’s Team82 research ...