#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

enterprise firewall | Breaking Cybersecurity News | The Hacker News

Category — enterprise firewall
Is Your Security Vendor Forcing You To Move to the Cloud? You Don't Have To!

Is Your Security Vendor Forcing You To Move to the Cloud? You Don't Have To!

Jul 29, 2020
Many endpoint security vendors are beginning to offer their applications only in the cloud, sunsetting their on-premise offerings. This approach may be beneficial to the vendor, but many clients continue to need on-premise solutions. Vendors that sunset on-premise solutions force clients that prefer on-premise solutions to either change their operating environment and approach or change vendors. Fortunately, some vendors continue to provide their offerings in both cloud and on-premise versions. One such company is Cynet , which allows clients to deploy their EDR and XDR (Extended Detection and Response) solutions in on-premise, cloud, and hybrid cloud delivery models. Clients can access the solution in any way they see fit now and into the future. This provides an alternative for organizations that do not want to be forced to move into the cloud. Cloud vs. On-Premise The cloud vs. on-premise argument continues to rage. Recently, however, it seems that everyone is jumpin
Critical RCE Flaw Affects F5 BIG-IP Application Security Servers

Critical RCE Flaw Affects F5 BIG-IP Application Security Servers

Jul 04, 2020
Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote attackers take complete control of the targeted systems, eventually gaining surveillance over the application data they manage. According to Mikhail Klyuchnikov, a security researcher at Positive Technologies who discovered the flaw and reported it to F5 Networks, the issue resides in a configuration utility called Traffic Management User Interface (TMUI) for BIG-IP application delivery controller (ADC). BIG-IP ADC is being used by large enterprises, data centers, and cloud computing environments, allowing them to implement application acceleration, load balancing, rate shaping, SSL offloading, an
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Sep 10, 2024SaaS Security / Risk Management
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers.  Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own instance of GitHub to keep their work separate from other developers. They might justify the purchase by noting that GitHub is an approved application, as it is already in use by other teams. However, since the new instance is used outside of the security team's view, it lacks governance. It may store sensitive corporate data and not have essential protections like MFA enabled, SSO enforced, or it could suffer from weak access controls. These misconfigurations can easily lead to risks like stolen source code and other issues. Types of Shadow Apps  Shadow apps can be categorized based on their interac
Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets

Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets

May 05, 2020
Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting Citrix ShareFile content collaboration platform. The security advisory—about which The Hacker News learned from Dimitri van de Giessen , an ethical hacker and system engineer—is scheduled to be available publicly later today on the Citrix website . Citrix ShareFile is an enterprise-level file sharing solution for businesses using which employees can securely exchange proprietary and sensitive business data with each other. The software offers an on-premises secure cloud environment for data storage with auditing capabilities and regulatory compliance controls. For example, a company can remotely lock or wipe data from potentially compromised mobile devices, or they're when lost or stolen. The newly identified security issues ( CTX-CVE-2020-7473 ) specifically affect customer-managed o
cyber security

DevOps Security Best Practices

websiteWizDevOps / Secure Coding
Develop securely from code to cloud with this DevOps Security Cheat Sheet from Wiz. Take a deep dive into secure coding, infrastructure security, and vigilant monitoring and response.
How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security

How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security

Feb 05, 2018
The growing popularity of Bitcoin and other cryptocurrencies is generating curiosity—and concern—among security specialists. Crypto mining software has been found on user machines, often installed by botnets. Organizations need to understand the risks posed by this software and what actions, if any, should be taken. To better advise our readers, we reached out to the security researchers at Cato Networks. Cato provides a cloud-based SD-WAN that includes FireWall as a Service (FWaaS) . Its research team, Cato Research Labs, maintains the company's Cloud IPS, and today released a list of crypto mining pool addresses that you can use as a blacklist in your firewall. (To download the list, visit this page .) Cato Research Labs determined crypto mining represents a moderate threat to the organization. Immediate disruption of the organization infrastructure or loss of sensitive data is not likely to be a direct outcome of crypto mining. However, there are significant risks of i
Expert Insights / Articles Videos
Cybersecurity Resources