A chain of vulnerabilities in MikroTik routers could allow an attacker to gain a backdoor. The chain starts with DNS poisoning, goes on to downgrading the installed version of MikroTik's RouterOS software, and ends with enabling a backdoor.Tenable found the vulnerabilities and disclosed two to MikroTik on September 11, 2019 (CVE-2019-3976 and CVE-2019-3977)

Aviatrix, a California-based provider of cloud networking and security services for enterprises, on Monday announced that it raised $40 million in a Series C funding round.The round, which brings the total raised to date by Aviatrix to over $76 million, was led by CRV, with participation from Formation 8, Ignition Partners and Liberty Global Ventures.Aviatri

Fortinet on Monday announced that it has completed the acquisition of San Francisco-based endpoint security company enSilo in an effort to enhance and strengthen its solutions.Through the acquisition, Fortinet adds enSilo’s detection and response technology to its Security Fabric framework, which enables organizations to manage different segments of network

Network security firm Palo Alto Networks is planning to increase the price of its hardware products by a 5%, citing impact from recent tariffs for imported components. The Santa Clara, California-based cybersecurity company offers both network firewalls and cloud-based security solutions to help protect enterprise environments.The manufacturer relies on

A group of security researchers from German universities has devised a new class of web cache poisoning attacks that could render victim services unreachable.The cache is meant to reduce the volume of network traffic through the reuse of HTTP responses and helps applications scale at large, in addition to providing protection against denial-of-service (DoS)

Amazon Web Services (AWS) customers experienced service interruptions yesterday as the company struggled to fight off a distributed denial-of-service (DDoS) attack.As part of such an assault, attackers attempt to flood the target with traffic, which would eventually result in the service being unreachable.While customers were complaining of their inability t

When 5G was formally announced in 2018, it came with promises of changing the face of wireless connectivity – those promises are finally being realized. Around the world, wireless carriers are switching on functionality and, in both the U.S. and the UK, all major vendors have enabled it. But for now, 5G is only available in major urban areas, such as London,

ATLANTA — SECURITYWEEK 2019 ICS CYBER SECURITY CONFERENCE — Outdated and unsupported operating systems are still present and they still pose a serious risk in many industrial organizations, according to a new report from industrial cybersecurity firm CyberX.The company’s 2020 Global IoT/ICS Risk Report is based on data passively collected by CyberX from over

Cisco on Wednesday informed customers that some of its Aironet access points (APs) are affected by a critical vulnerability that can be exploited by a remote attacker to gain unauthorized access to devices.The flaw, tracked as CVE-2019-15260, is caused by insufficient access control for some URLs, which allows an attacker to gain access with elevated privile

A critical vulnerability patched recently by Sophos in its Cyberoam firewall appliances allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges.The flaw, tracked as CVE-2019-17059, affects the CyberoamOS Linux-based operating system and it can be exploited by sending specially crafted requests to the product’s Web Admin o

Someone recently asked me what I wanted for Christmas this year, and I had to think about it for a few minutes. I certainly don’t need any more stuff. However, if I could name one gift that would make me absolutely giddy, it would be getting a chunk of my privacy back. Like most people, the internet knows way too much about me — my age, address, phone

A critical remote code execution (RCE) vulnerability affecting several D-Link routers that reached their end of life (EOL) remains unpatched.Tracked as CVE-2019-16920 and featuring a CVSS score of 9.8, the vulnerability was found in D-Link DIR-655, DIR-866L, DIR-652, and DHP-1565 routers, all of which are no longer supported, meaning that no patch will be re

NIST has published a draft Zero Trust Architecture (ZTA) special publication (SP.800.207). The purpose is to develop a technology-neutral lexicon of the logical components of a zero trust strategy, and to define ZTA, describe possible deployment scenarios, and highlight threats.NIST stresses that the primary purpose of the document (PDF) is to develop a stan

Threat intelligence firm Anomali on Monday announced the launch of Lens, a new tool designed to make it easier for organizations to find and use threat data from a wide range of sources.Anomali Lens is part of the company’s Altitude solution, which also includes its flagship threat intelligence platform ThreatStream and Match, a breach detection platform tha

One of the financially motivated threat actors operating under the Magecart umbrella appears to be testing malicious code to inject into commercial-grade layer 7 (L7) routers, IBM reports.These devices are used by hotels, resorts, airports, and in other public locations. According to IBM, Magecart Group 5 (MG5) is attempting to load code into the JavaScript