Researchers with Palo Alto Networks Unit 42 investigated the tunneling software X-VPN, which uses various evasion techniques to bypass security and policy enforcement mechanisms. X-VPN is a type of Virtual Private Network (VPN) that can be used to bypass internet censorship and traffic policy enforcement points, which poses a great risk to network operators as well as VPN users.
Americans are keen on security, but do not necessarily understand it. This is the conclusion of a new survey of 1,300 Americans undertaken by YouGov, which basically suggests that attitudes towards cybersecurity exceed actions taken to ensure cybersecurity.
Policy Optimizer strengthens security by closing dangerous policy gaps left by legacy firewall policies. Policy Optimizer makes migration from port-based rules to App-ID based rules easy, fast, and accurate. Taking complexity out by removing scores of legacy rules reduces human error, which is a leading cause of data breaches.
The newly discovered Linux vulnerabilities, CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479, affect all Linux operating systems newer than kernel 2.6.29 (released on March 2009) or above can cause a kernel panic to systems with services listening on TCP connection. This remote attack can put a server into Denial of Service (DoS) state, but remote code execution is not of concern.
The endpoint security marketplace is crowded with vendors claiming to have supe-rior capabilities. Cutting through all the marketing and sales pitches to understand how these products perform isn’t easy. Luckily, The MITRE Corporation conducted an independent test of the detection and investigation capabilities of leading end-point detection and response (EDR) products against real-world attack sequences. We’ll break down MITRE’s methodology, the results, and what it all means for your organization as you assess your current and future endpoint security toolkit.
Unit 42 discovered one new vulnerability addressed by the Microsoft Security Response Center (MSRC) as part of their June 2019 security update release, as well as nine additional vulnerabilities that were addressed in May 2019.
Read this use case white paper based on real world designs to learn:
How to better secure your Electric Transmission Data Networks from advanced cyberthreats
How to more efficiently and comprehensively address your NERC CIP compliance obligations
From compromised credentials to misconfigured containers to the excessive use of privileged accounts, here's a look at six of the biggest cloud security threats technical experts are worried about this year.
Take a look at this fun, interactive infographic featuring the complete list of 10 key features and functionalities businesses need to prevent successful cyberattacks – today and tomorrow. It’s an informative way to quickly find out how to best protect your organization from cyberthreats.
From failing to address the spread of shadow IT to losing or having credentials stolen to treating containers like traditional appliances or VMs, here are nine of the most common AWS security mistakes seen by technical experts.
Executive Summary The Hide ‘N Seek botnet was first discovered in January 2018 and is known for its unique use of Peer-to-Peer communication between bots. Since its discovery, the malware family has seen a couple of upgrades, from the addition of persistence and new exploits, to targeting Android devices via the Android Debug Bridge (ADB).
There are no flawless software systems or applications. When flaws result in security vulnerabilities, threat actors exploit them to compromise those systems and applications and, by extension, the endpoints on which they reside. Although software vendors issue patches to remediate flaws, many financial institutions do not apply all available patches to their production environments. In addition, when systems or applications reach their end-of-support, they no longer receive vulnerability patches from their vendors. These two scenarios describe the conditions under which a system or application is considered "unpatchable." When patching or upgrading is no longer feasible, security professionals need to identify alternative ways to secure the unpatchable systems and applications to support their ongoing use in the environment.
Through network security consolidation, government agencies can achieve tighter
integration between previously disparate systems while automating and simplifying
the process for responding to and preventing malicious activity.
As Governments adopt digital technologies – employee remote access, citizen self-service, SaaS, cloud, and more – these same technologies introduce new points where the network can be infiltrated, and new valuable data that must be secured. The result was a cyber security arms race where new threats were countered with new security point products.
Today, governments are consolidating security appliances and functions to gain better visibility and use scarce cybersecurity professionals wisely.
Read this use case to discover
• The advantages of a platform approach to network security consolidation.
• Best practices for deployment.
• How a government agency eliminated 10 security appliances at every location, simplifying compliance, management and reporting while improving security.
Displaying 31 to 60 of 3979
Be the first to know.
As a member you’ll get exclusive invites to events, Unit 42 threat alerts and cybersecurity tips delivered to your inbox.