Aggregator

Organizations’ increasing reliance on third-party software and services has created an environment with more vulnerabilities and harder-to-detect risks. Attackers know they can increase efficiency and profitability by compromising the supply chain and are focusing their efforts accordingly. The commoditization of the cloud has only exacerbated this challenge. Companies are rapidly increasing the number of cloud-based services they rely upon, often without fully understanding how they connect to their broader network. How regulations are piling on … More →

The post It’s time to secure the extended digital supply chain appeared first on Help Net Security.

SysReptor is a customizable open-source penetration testing reporting platform built for pentesters, red teamers, and cybersecurity professionals. You can optimize your workflow by simplifying, automating, and personalizing your reports. “SysReptor is an easy-to-use tool for pentesters and simplifies pentest reporting. Reports are designed as HTML/CSS and rendered to PDFs. Pentesters can write their reports in markdown format. We actively maintain it and release new features continuously (from note-taking to encrypted archiving, concurrent editing, version histories, … More →

The post SysReptor: Open-source penetration testing reporting platform appeared first on Help Net Security.

The breaches and ransomware attacks of 2024 highlighted systemic vulnerabilities, demonstrating how third-party and fourth-party dependencies amplify risks across industries, according to a Black Kite report. Researchers revealed how silent breaches underscore the risk posed by unseen vulnerabilities in third-party networks. By exploiting these hidden weaknesses, attackers disrupted individual organizations and exposed the fragility of entire supply chains. Third-party breach incidents in 2024 Unauthorized network access accounted for more than 50% of publicly disclosed third-party … More →

The post Silent breaches are happening right now, most companies have no clue appeared first on Help Net Security.

Netgear修复了两个影响多个WiFi路由器模型的关键漏洞，并敦促客户尽快将其设备更新为最新的固件。安全漏洞会影响多个WiFi 6接入点（WAX206，WAX214V2和WAX220）和Nighthawk Pro游戏路由器模型（XR1000，XR1000V2，XR500）。

尽管没有更多有关这两个漏洞的详细信息，但可以确定的是未经验证的威胁分子可以利用它们进行远程代码执行（以PSV-2023-0039的内部跟踪）和身份验证（PSV-2021-0117）在不需要用户交互的低复杂性攻击中。

该公司在周末发布的报告中说道：“ Netgear强烈建议相关用户尽快下载最新的固件。”下表列出了所有弱势路由器模型和带有安全补丁的固件版本。

要下载并安装用于NetGear路由器的最新固件，用户必须通过以下步骤：

1.访问Netgear支持。

2.在搜索框中键入您的型号，然后在出现后立即从下拉菜单中选择您的型号。

3.如果您看不到下拉菜单，请确保正确输入型号或选择产品类别以浏览产品型号。

4.点击下载。

5.在当前版本下，选择第一个下载其标题以固件版本开头。

6.点击发行说明。

7.按照发行说明中的说明下载并安装新的固件。

该公司随后表示如果用户没有完成所有建议的步骤，则未经验证的RCE脆弱性仍然存在，Netgear对任何后果概不负责。

去年7月，NetGear还提醒客户立即更新到最新的固件，以进行补丁存储的跨站点脚本（XSS）和身份验证旁路漏洞，影响了几种WiFi 6路由器模型。

一个月前，安全研究人员在Netgear WNR614 N300中揭示了六个不同严重程度的漏洞，这是一条在房屋用户和小型企业中流行的路由器。

While 4 out of 5 CEOs recognize AI’s potential, many worry gaps in their understanding will impact strategic decisions, risking missed opportunities and falling behind competitors, according to Cisco. Yet, CEOs are not standing still. With support from IT leaders and trusted partners, they plan to empower their people, modernize infrastructure, and strengthen cybersecurity to sharpen their competitive edge in an AI-driven future. “Leaders who act decisively today to build resilient, future-proofed networks will be … More →

The post CEOs must act now to embrace AI or risk falling behind appeared first on Help Net Security.