Experts Warn of Attacks on a Cisco ASA Security Flaw due to a new Proof-of-Concept Exploit
/by Heidi Gerken, Senior Sales Engineer
A security flaw can allow an unauthenticated attacker to remotely conduct a cross-site scripting (XSS) attack against a user of the web services interface. Enterprises should patch their Cisco ASA Software and Firepower Software as soon as possible.
Zero Trust Is Here to Stay, So How Can I Prepare My Network?
/by Wayne Lloyd, Federal CTO, RedSeal
Whether you agree with the concept or not, zero trust architecture is here for the foreseeable future, and unless your organization is cloud-native, you are going to have to prepare to implement zero trust on your existing enterprise. RedSeal can continuously monitor your network segmentation and micro-segmentation policies to stay compliant with your zero-trust architecture goals.
Cloud Security Posture Management and RedSeal
/by Nate L. Cash, Senior Director, Federal Professional Services / Director of Information Security
Gaps in your security posture are where the cyber storm fronts are, and the cyber storm is both on-prem and in the cloud. To do your job correctly, you need to get an accurate forecast today of the cyber weather, and the rush to move assets into the cloud has created all sorts of new stormy weather to contend with.
Old Fortinet Flaws are being used to breach federal and commercial networks
/by Heidi Gerken, Senior Sales Engineer
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory warning that 3 Fortinet CVEs (CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591) are being leveraged to gain a foothold in government agency and commercial networks to be exploited in the future.
F5 Server iControl REST unauthenticated remote command execution vulnerability
/by Heidi Gerken, Senior Sales Engineer
F5 has released patches for several BIG-IP and BIG-IQ critical vulnerabilities. CVE-2021-22986 is the most critical since it allows unauthenticated attackers with network access to use the iControl REST interface, via the BIG-IP management interface and self IP addresses, to execute system commands that could lead to complete system compromise.
Microsoft Releases Fixes for 4 Zero Day Exchange Server Vulnerabilities
/by Bill Burge, RedSeal Professional Services
Multiple news sources, security researchers and security agencies have reported on a new attack against tens, if not hundreds, of thousands of Internet-accessible Exchange servers configured for Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Outlook Web App (OWA) access. These attacks are being carried out by the China nation-state sponsored hacking group known as Hafnium.
NSA publishes list of top vulnerabilities currently targeted by Chinese hackers
/by Bill Burge, RedSeal Professional Services
The U.S. National Security Agency published a report detailing the top 25 vulnerabilities consistently being scanned, targeted, and exploited by Chinese state-sponsored hacking groups. All 25 vulnerabilities are known and have patches available from their vendors.
Lessons for All of Us From the SolarWinds Orion Compromise
/by Dr. Mike Lloyd, CTO, RedSeal
All cybersecurity news events, like the recent disclosure of compromise involving SolarWinds Orion by APT 29, aka “Cozy Bear,” cause CISOs to ask the same initial questions:
Do I have this problem? Where? What are the consequences?
In this instance, the attack is extremely sophisticated, and quite alarming. It’s a supply chain attack, involving […]
Supporting the DoD’s Defend Forward Initiative
/by Wayne Lloyd, Federal CTO, RedSeal
What is Defend Forward?
The DoD’s Defend Forward operational concept has been rolling out over the past few years. Policy makers and cyber defenders in government realized that, as the situation in Afghanistan led directly to the rise of Al-Qaeda and the 9-11 attacks, the situation in cyberspace was going to lead to crippling […]
Why I Chose RedSeal
/by Bryan Barney, RedSeal CEO
I’ve been in cybersecurity for 19 years and love the field. It’s technically a very challenging problem to solve and the stakes are extremely high. Those of us in this field are defending the foundation of the information age. We are protecting the money in people’s bank accounts, their personal privacy and dignity, and even […]