Blog

ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

Actualités
ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device,"
Read More

EUELEx19_AAR (ENISA)

Actualités
On April 5th, the European Parliament, the European Commission and the EU Agency for cybersecurity (ENISA) in close cooperation with the EU Member States organised an exercise to test the EU's response to and crisis plans for potential cybersecurity incidents affecting the EU elections. This report is divided into three (3) sections. In the first section, a summary of the national briefings is presented while in the second the results of the preparatory survey are presented together with some key conclusions. In the third section, the exercise scenario is presented together with the various incidents, injects and main takeaways from the players’ votes. Finally, in the Annexes we present anonymized responses to the injects and the satisfaction survey results.
Read More

China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

Actualités
A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal command-and-control (C&C) for defense evasion purposes. Cybersecurity company Sygnia, which responded to
Read More

What is DevSecOps and Why is it Essential for Secure Software Delivery?

Actualités
Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilities creates massive overhead for developers. The overhead that degrades velocity and puts production deadlines at risk.
Read More