Security Bulletin

Today's hybrid workplaces create network performance and security risks for employees. Learn how SSE and Cisco Secure Access are empowering businesses to address these challenges.

Every day, we see powerful examples of how cybersecurity needs to be at the forefront of national security and business operations. Our goal is to strengthen our businesses, governments, and organizations by bridging the cyber skills gap — thereby...

Today, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released an updated version of...

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-4966 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability CVE-2021-1435 Cisco IOS XE Web UI...

CISA released one Industrial Control Systems (ICS) advisory on October 19, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-143-02 Hitachi Energy’s RTU500 Series...

Oracle has released its Critical Patch Update Advisory for October 2023 to address 387 vulnerabilities across multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages...

Data can be a powerful tool in the fight against climate change, but not if we continue to compare apples and oranges! Learn how standardization can help monitor, report, optimize, and consistently automate sustainability-related metrics.

By identifying a champion and practicing continued assessment, companies can bolster their API security.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Should CISOs include only known information in the SEC filings for a material security incident, or is there room to include details that may change during the investigation?

The router specialist says the attacker's claims to have heisted millions and millions of records are significantly overblown. But an incident did happen, stemming from a successful phish.