Organizations that are running Pulse Security VPN devices may still be at risk of being exploited, even if previously patched, according to a new Department of Homeland Security (DHS) advisory. The risk is elevated if an actor previously exploited CVE-2019-11510 and stole AD credentials from the victim organization.
Identity & Access Management
In the wake of Coronavirus / COVID-19 pandemic, Microsoft has issued sound guidance for security leaders to improve remote worker security. Tech companies are also offering small businesses free access to online collaboration tools during the outbreak.
To prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), more organizations are electing to have their employees work remotely from home. With that responsibility, more organizations will need to adopt a heightened level of security to protect themselves from attackers who look to exploit weaknesses in enterprise virtual private networks (VPNs).
The Australian Cyber Security Centre (ACSC) has released new guidelines to assist organizations in securing Content Management Systems (CMS). The guidelines include good mitigation advice in areas of patching, account management, hardening and monitoring to name a few.
Security experts from Kaspersky have discovered 37 vulnerabilities in four VNC implementations, some that have gone undetected since 1999.
Yubico has issued a recall of certain models of its YubiKey FIPS series devices after the company discovered security issues.
First American Financial Corp., one of the world’s largest real estate title insurance companies, exposed hundreds of millions of title insurance customer financial records.
The European Parliament voted in favor of a massive database to unify and track biometrics data of EU and non-EU citizens, as part of approved Interoperability Legislation.
Microsoft has seen a rise in recent cyberattack activity against European think tanks and non-profit organizations. The warning comes as European leaders warn attacks will continue across Europe in 2019.
Popular WordPress plugin maker WPML said their website was hacked over the weekend and led to the loss of customer data. The culprit was an ex-employee who exploited a backdoor planted on an unsecured web server.