Zyxel Hardcoded Backdoor Account VulnerabilityOn December 23rd, 2020, the Dutch security firm Eye disclosed a hardcoded backdoor account within the firmware 4.60 on Zyxel Firewalls and AP Controllers. The credentials for this account cannot be changed or altered unless the firmware is patched. These hardcoded credentials provide access to both SSH and web admin interfaces, where additional...

Businesses of all sizes have some form of data that a threat actor could exploit. It is even possible for a cyber-criminal to invade a company's available network with the sole purpose of causing web security testing issues. Whether it involves patient medical histories, credit card data, available consumer transaction histories, or trade secrets, if a company uses technology to transmit or store...

As a merchant, you are likely familiar with the strict Payment Card Industry Data Security Standard (PCI DSS) requirements set by the PCI Security Standards Council (SSC). Failure to adhere to PCI compliance standards creates vulnerabilities within your business’s network that could result in a loss of sensitive credit cardholder data from consumers and malicious intrusion into your business...

Do you own a business that stores, processes, or transmits sensitive data such as credit card information online? If so, you must comply with the Payment Card Industry Data Security Standards (PCI DSS), a set of 12 main regulations to protect customer data. The PCI Security Standards Council compiled the PCI DSS. The council’s members consist of major card companies, including MasterCard, Visa,...

Advisory Solarwinds Orion Vulnerabilities Security Advisory: SolarWinds OrionAs you have likely seen in news reports over the last weeks, a series of significant security incidents occurred in earlier this month related to malicious cyber actors exploiting VMware® Access and VMware Identity Manager products and a security breach at FireEye uncovering injected malware within SolarWinds network...

Businesses are becoming increasingly vulnerable to digital threats and cyber attacks. While you might be aware of the need for security services, developing your in-house solution is often costly, time-consuming, and potentially ineffective against evolving threats.One solution is Security as a Service (SECaaS), which follows the software as a service model. In this type of security management, an...

SolarWinds Orion Supply Chain (SUNBURST) Backdoor VulnerabilitySolarWinds Orion Supply Chain (SUNBURST) BackdoorOn December 13th, the security firm FireEye released the details of a sophisticated manual supply chain attack that affects SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 (with no hotfix installed) or 2020.2 HF 1. The threat actors involved were able to incorporate a malicious ...

These days, data breaches within organizations occur so often that they are an expected inevitability. Threat actors are always seeking ways to infiltrate a system to exploit it for personal gain, whether to release sensitive information like trade secrets or slow a company down to a crawl by taking over its network. A business's IT department and security team can prevent this issue with an...

These days, it seems like most businesses are dealing with a cybersecurity attack that leaks sensitive information to the public and wreaks havoc on their day-to-day operations. Vulnerability scans are a way to identify areas of weakness within an online security network, but they are not enough. Scanning for web application vulnerabilities in conjunction with penetration testing is a more...

Learn how data center monitoring tools help ensure maximum uptime for data centers, whether on-prem, at a co lo, or operating as a hybrid data center.

Importance of Cyber Threat ManagementWith the ever increasing number of threats and complex network and system attacks, organizations are constantly struggling to keep up with mitigation and prevention solutions. According to an article from IBM on the Cost of a Data Breach, businesses and other organizations can save an average of $1.2 million when breaches are detected sooner. Detecting cyber...

D-Link VPN Router VulnerabilitiesDigital Defense, Inc. is disclosing vulnerabilities identified in D-Link VPN routers discovered by our Vulnerability Research Team (VRT). The engineers at D-Link were prompt in their response when notified of the flaws and have provided hot fixes for these cyber security issues.D-Link has made a patch in the form of a hotfix for the affected firmware versions and...

Let's face it. Today's businesses can't function without IT infrastructure. Computers, laptops, phones, and other IT devices are essential for storing and sharing important files and data.With such an essential function, businesses, both big and small, need a professional IT team to maintain and improve their network security. If you think your company is too small for criminals to notice, think...

Drupal Arbitrary PHP Code Execution VulnerabilityOn November 16th, 2020, several file manipulation vulnerabilities within the PEAR Archive_Tar library were disclosed, given CVE-2020-28948 and CVE-2020-28949. This PEAR library is used by Drupal, although these vulnerabilities impact any platform that utilizes PEAR in their code. If Drupal is configured to allow file uploads and the processing of...

Network vulnerabilities constantly evolve, resulting in the loss of valuable information and revenue from businesses. Though threat actors can find new weaknesses every day, some of their methods remain the same. Hackers have tried-and-true methods for infiltrating a seemingly secure network, and they employ various tricks, devices, and information to get the job done.Small businesses often do not...

It's not easy to keep up with threats to your tech systems, services, and applications. With new vulnerabilities appearing on a daily basis, you need a solution that regularly assesses your security operations. This is where managed vulnerability scanning comes into play.Fortra's managed vulnerability scanning service combines modern vulnerability assessment and scanning tools with experienced...

Still writing queries in SQL? Sure, it’s a powerful way to access IBM i data. But is it enough?

Hackers will take advantage of any weakness in your cybersecurity systems, especially the most vulnerable parts of your IT infrastructure -- web applications.By design, web applications are publicly accessible on the internet at all times, giving hackers near unlimited access to breach unprotected web servers without being on premises. Fortunately, you can prevent this with a reliable website...

Penetration testing and vulnerability scanning can be commonly confused as the same type of security testing service. However, issues arise when business owners purchase one type of security scan when they actually need another kind. It may help to understand the differences between the two main types of security testing: penetration testing and vulnerability scanning. Vulnerability scanning and...