The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: enterprise firewall

Is Your Security Vendor Forcing You To Move to the Cloud? You Don't Have To!

Is Your Security Vendor Forcing You To Move to the Cloud? You Don't Have To!
July 29, 2020The Hacker News
Many endpoint security vendors are beginning to offer their applications only in the cloud, sunsetting their on-premise offerings. This approach may be beneficial to the vendor, but many clients continue to need on-premise solutions. Vendors that sunset on-premise solutions force clients that prefer on-premise solutions to either change their operating environment and approach or change vendors. Fortunately, some vendors continue to provide their offerings in both cloud and on-premise versions. One such company is Cynet , which allows clients to deploy their EDR and XDR (Extended Detection and Response) solutions in on-premise, cloud, and hybrid cloud delivery models. Clients can access the solution in any way they see fit now and into the future. This provides an alternative for organizations that do not want to be forced to move into the cloud. Cloud vs. On-Premise The cloud vs. on-premise argument continues to rage. Recently, however, it seems that everyone is jumpin

Critical RCE Flaw Affects F5 BIG-IP Application Security Servers

Critical RCE Flaw Affects F5 BIG-IP Application Security Servers
July 04, 2020Swati Khandelwal
Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote attackers take complete control of the targeted systems, eventually gaining surveillance over the application data they manage. According to Mikhail Klyuchnikov, a security researcher at Positive Technologies who discovered the flaw and reported it to F5 Networks, the issue resides in a configuration utility called Traffic Management User Interface (TMUI) for BIG-IP application delivery controller (ADC). BIG-IP ADC is being used by large enterprises, data centers, and cloud computing environments, allowing them to implement application acceleration, load balancing, rate shaping, SSL offloading, an

Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets

Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets
May 05, 2020Swati Khandelwal
Since the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting Citrix ShareFile content collaboration platform. The security advisory—about which The Hacker News learned from Dimitri van de Giessen , an ethical hacker and system engineer—is scheduled to be available publicly later today on the Citrix website . Citrix ShareFile is an enterprise-level file sharing solution for businesses using which employees can securely exchange proprietary and sensitive business data with each other. The software offers an on-premises secure cloud environment for data storage with auditing capabilities and regulatory compliance controls. For example, a company can remotely lock or wipe data from potentially compromised mobile devices, or they're when lost or stolen. The newly identified security issues ( CTX-CVE-2020-7473 ) specifically affect customer-managed o

How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security

How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security
February 05, 2018Swati Khandelwal
The growing popularity of Bitcoin and other cryptocurrencies is generating curiosity—and concern—among security specialists. Crypto mining software has been found on user machines, often installed by botnets. Organizations need to understand the risks posed by this software and what actions, if any, should be taken. To better advise our readers, we reached out to the security researchers at Cato Networks. Cato provides a cloud-based SD-WAN that includes FireWall as a Service (FWaaS) . Its research team, Cato Research Labs, maintains the company's Cloud IPS, and today released a list of crypto mining pool addresses that you can use as a blacklist in your firewall. (To download the list, visit this page .) Cato Research Labs determined crypto mining represents a moderate threat to the organization. Immediate disruption of the organization infrastructure or loss of sensitive data is not likely to be a direct outcome of crypto mining. However, there are significant risks of i
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.