Biztonsági szemle

Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20273 Cisco IOS XE Web UI Unspecified Vulnerability These types of vulnerabilities are frequent attack vectors for...

What cloud service providers need to know to prepare for FedRAMP Baselines Rev. 5, as documented in the new Transition Guide.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

My tool base64dump.py takes any input and searches for encoded data. By default, it searches for base64 encoding, but I implemented several encodings (like vaious hexadecimal formats):

If we really want to move the dial on security habits, it's time to think beyond phishing tests. Our panel of CISOs and other security heavy-hitters offer expert tips that go beyond the obvious.

Attackers compromised customer support files containing cookies and session tokens, which could result in malicious impersonation of valid Okta users.

Most companies offer some kind of awareness training these days. But how much of those lessons are employees actually retaining?

SolarWinds' access controls contain five high and three critical-severity security vulnerabilities that need to be patched yesterday.

A patch for the max severity zero-day bug tracked as CVE-2023-20198 is coming soon, but the bug has already led to the compromise of tens of thousands of Cisco devices. And now, there's a new unpatched threat.