Category: Security Boulevard

The Old Guard: Firewalls, VPNs and Exposed Control Planes Cyberattacks have evolved beyond the perimeter. No longer limited to opportunistic breaches, attackers are now executing coordinated campaigns that target the very foundations of enterprise network infrastructure — firewalls, VPNs, and…

Read more →

S4 EP 5: What’s changed, what’s working, and how to prepare for when, not if, incidents hit critical infrastructure. The post How Critical Infrastructure Leaders Are Rethinking Cybersecurity appeared first on Security Boulevard. This article has been indexed from Security…

Read more →

In today’s rapidly changing digital environment, APIs play a crucial role in modern business, facilitating smooth connectivity and data sharing. Yet, this interconnected nature brings significant security and privacy risks, as evidenced by the Federal Trade Commission’s (FTC) recent settlement…

Read more →

Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), was fired by Donald Trump in 2020 for publicly affirming that the presidential election was secure and free from widespread fraud. Fast-forward to April 2025: Trump, now…

Read more →

Mend.io continues to deliver uninterrupted, multi-source vulnerability protection. The post MITRE CVE Program Uncertainty: Mend.io’s commitment to uninterrupted vulnerability protection appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: MITRE CVE Program…

Read more →

A whistleblower in the NLRB said in sworn testimony that staffers within the Musk-led DOGE group breached agency systems, exfiltrated sensitive data, and used tools and techniques similar to those wielded by cybercriminals to hide their actions. The post Whistleblower:…

Read more →

Concerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation. Background The Tenable Security Response Team has compiled this…

Read more →

<a class=” sqs-block-image-link ” href=”https://xkcd.com/3075/” target=”_blank”> <img alt=”” height=”404″ src=”https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/b26702a8-0de1-46d9-b121-7ecfb1488974/hallenge.png?format=1000w” width=”265″ /> </a><figcaption class=”image-caption-wrapper”> via the comic humor & dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Anachronym Challenge’ appeared first on Security Boulevard.…

Read more →

Author/Presenter: Mike Larkin Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink The post BSidesLV24…

Read more →

Yesterday’s headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today. Overnight, the CVE Foundation emerged with a plan…

Read more →

IntroductionThe Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several previously undocumented tools. Mustang Panda, a China-sponsored…

Read more →

This is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by…

Read more →

Author/Presenter: Brian Reilly Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink The post BSidesLV24…

Read more →

The Trump Administration is ending funding for MITRE’s crucial CVE database program, a move that promises to hobble cybersecurity efforts around the world. However, CVE Board members introduce a new nonprofit organizations free of government funding and oversight. The post…

Read more →

These are “interesting” times: U.S. government funding for the Common Vulnerabilities and Exposures program expires April 16. The post MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’ appeared first on Security Boulevard. This article has been indexed…

Read more →

Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates. Background On April 15, Oracle released its Critical Patch Update (CPU) for April 2025, the second quarterly update of the year. This…

Read more →

The Trump Administration is ending funding for MITRE’s crucial CVE database program, a move that promises to hobble cybersecurity efforts around the world. However, CVE Board members introduce a new nonprofit organizations free of government funding and oversight. The post…

Read more →

DataDome conducted a security assessment of the UK’s online driving test booking system and identified several vulnerabilities in the system’s protection mechanisms. The post Alert: Security Gaps Allow Bots to Exploit UK Driving Test Booking System appeared first on Security…

Read more →

That AI has gotten much more proficient in social engineering is a revelation that’s not surprising, but still sets alarm bells ringing. The post In a Social Engineering Showdown: AI Takes Red Teams to the Mat  appeared first on Security…

Read more →

MITRE’s CVE program has been an important pillar in cybersecurity for over two decades. The lack of certainty surrounding the future of the CVE program creates great uncertainty about how newly discovered vulnerabilities will be cataloged. Background On April 15,…

Read more →