Network device security Appliances firewalls and switches
- January 17, 2020
Citrix discovered another product affected by last month's vulnerability, while security researchers found an attacker blocking exploits of the vulnerability.
- January 14, 2020
Citrix announced security fixes on the way one month after disclosing a vulnerability in its ADC and Gateway appliances, which has already seen preliminary attacks in the wild.
- January 13, 2020
Signal Sciences co-founder and CEO Andrew Peterson explains why web application security often gets shortchanged and what his next-gen WAF company is doing to change that.
- January 10, 2020
Scans for vulnerable Citrix servers were discovered by security researchers following the disclosure of a remote code execution flaw in Citrix ADC and Gateway products.
- November 05, 2019
Following months of warnings from law enforcement and the infosec community, the first BlueKeep exploit campaign was discovered in the wild and experts say it won't be the last.
- October 29, 2019
Adobe exposed data on 7.5 million users and employees and one expert says the incident highlights why production data shouldn't be used in test environments.
- October 14, 2019
Imperva CTO Kunal Anand posted updated information regarding the recent breach affecting Cloud WAF customers and admitted poor security controls led to the compromise.
- August 28, 2019
Imperva told its cloud WAF customers to change passwords and SSL certificates after a security incident exposed data and potentially put customers at risk for further attacks.
- May 22, 2019
This week's Risk & Repeat podcast looks at vulnerabilities in Cisco and Huawei products, which have raised concerns about backdoor access in networking equipment.
- April 12, 2019
Researchers discovered vulnerabilities in the WPA3 protocol, specifically in the Dragonfly handshake authentication, allowing for multiple exploits branded Dragonblood.
- April 11, 2019
Troubles continue for Huawei as new bans and government reports put security into question, but the company is attempting to fight back against the criticism.
- March 08, 2019
VMware is taking a different approach to firewalls by focusing on 'known good' behavior to better police east-west traffic within enterprise environments.
- March 07, 2019
Microsoft told RSA Conference attendees a zero-trust model is better than firewalls for protecting corporate data -- a stance that some said doesn't go far enough.
- November 09, 2018
News roundup: A new spam botnet infected over 100,000 home routers through a UPnP vulnerability, according to researchers. Plus, HSBC Bank reported a data breach, and more.
- November 02, 2018
Armis researchers discovered two chip-level Bluetooth vulnerabilities -- dubbed Bleedingbit -- that could allow pseudo-remote code execution on wireless access points.
- October 11, 2018
Tenable Research finds new exploits of an already patched MikroTik router vulnerability that could enable hackers to launch remote code execution attacks.
- September 25, 2018
Cisco hit by yet another new hardcoded credentials flaw, the latest in a long line of such flaws since last year, this time in its video surveillance manager appliance.
- July 19, 2018
Researchers used individual test reports and comparison data to determine the value of investments in next-generation firewall technology.
- April 13, 2018
News roundup: Home routers are susceptible to a UPnP vulnerability that proxies bad traffic in a new way. Plus, AMD and Microsoft released patches for the Spectre flaw, and more.
- October 06, 2017
News roundup: Google researchers find and patch vulnerabilities in the Dnsmasq server that are used widely in routers and IoT devices. Plus, EU-U.S. Privacy Shield challenge and more.
- June 22, 2017
Cisco claims it can accurately detect malware activity in encrypted traffic using machine learning, but some experts worry about privacy implications.
- June 16, 2017
The latest WikiLeaks release on CIA hacking tools includes the CherryBlossom project, which highlights router security issues, including a lack of firmware signing validation.
- June 16, 2017
News roundup: DeltaCharlie malware is a threat to the U.S., according to a US-CERT warning about Hidden Cobra. Plus, a DVR flaw could create a bigger botnet than Mirai, and more.
- May 12, 2017
News roundup: A Cisco vulnerability disclosed in the Vault 7 dump finally has a patch. Plus, Google's fuzzing bot finds over 1,000 bugs in five months, Comey dismissed and more.
- May 09, 2017
Servers may have been at risk of attack for years because of an Intel AMT security risk that was recently disclosed before manufacturers could patch.
- April 13, 2017
In this episode of SearchSecurity's Risk & Repeat podcast, Kevin Walker, Juniper Networks' security chief technology and strategy officer, talks about SDN security challenges.
- February 23, 2017
Google restructured its network security with the BeyondCorp program and wants to show other organizations how to move past firewalls.
- January 13, 2017
News roundup: St. Jude Medical patches vulnerable medical IoT devices after a five-month controversy. Plus, the Email Privacy Act is reintroduced; Juniper warns of a firewall flaw; and more.
- January 12, 2017
In this episode of SearchSecurity's Risk & Repeat podcast, editors highlight the topics discussed at the CES Cybersecurity Forum, as well as new technologies showcased at the event.
- January 09, 2017
The Federal Trade Commission filed a lawsuit against D-Link, and experts said the move was likely to push more secure routers in the wake of the Mirai botnet attacks.
- January 06, 2017
News roundup: FTC starts a contest to create a better IoT device security tool. Plus, ransomware is now illegal in California; Google patches 29 critical Android flaws; and more.
- December 30, 2016
In this episode of SearchSecurity's Risk & Repeat podcast, SSH creator Tatu Ylonen talks about the SSH security issues facing enterprises today and how they should be addressed.
- December 14, 2016
A major Netgear security vulnerability in routers prompted experts to suggest abandoning products, as Netgear finally releases a beta patch.
- October 28, 2016
In this Risk & Repeat podcast, SearchSecurity editors discuss the DDoS DNS attacks on Dyn and what they mean for DNS providers, IoT device manufacturers and enterprises.
- October 13, 2016
Akamai researchers discovered how unknown threat actors are using an SSH flaw to secretly gain control of IoT devices and turn them into proxies for malicious traffic.
- September 20, 2016
Cisco warns that an as-yet unpatched vulnerability derived from Shadow Brokers' BENIGNCERTAIN hacking tool is being exploited in the wild.
- August 25, 2016
Researchers easily modified the NSA's EXTRABACON SNMP exploit to target newer versions of Cisco ASA software, but Cisco has patches rolling out.
- August 25, 2016
More unanswered questions remain about the Shadow Brokers' release of NSA/Equation Group cyberweapons cache, as vendors move to mitigate and researchers search for vulnerabilities.
- August 23, 2016
A Cisco security vulnerability affecting routers was found in the Shadow Brokers cyberweapon dump, and it may have been used by the NSA for years to decrypt VPN traffic.
- December 23, 2015
Juniper firewalls are reportedly vulnerable to two serious backdoors, and the NSA may be at least indirectly responsible for one that exposes VPN data.
- September 18, 2015
News roundup: Additional research shows a Cisco router implant affects more devices than originally reported. Plus: Let's Encrypt's first cert issued; Tor in the library; the mitigated (but not fixed) iOS AirDrop vulnerability.
- August 07, 2015
News roundup: ICANN confirmed its members' credentials were stolen Wednesday, forcing the nonprofit to enforce a site-wide password reset. Plus: VPN provider being used for APTs; Thunderstrike strikes again; Windows 10 security in its first week.
- July 30, 2015
Vendors, such as Intel and Cisco, are hoping to pave the way for a security ecosystem in which applications communicate threat intelligence amongst each other. Will it work?
- June 05, 2015
News roundup: New settings and options to boost user privacy and security are emerging on major websites, but is it enough?
- May 29, 2015
News roundup: Cybersecurity is finally garnering attention at the boardroom table, but not necessarily for the right reasons. Plus: Ponemon's "Cost of Data Breach"; D-Link vulnerabilities; NitlovePOS; bad bots.
- May 26, 2015
A newly discovered router vulnerability could leave millions of connected devices open to denial-of-service attacks and remote code execution.
- May 11, 2015
Intel Security wants to offer a full set of security products, but believes highest value may come from being a bridge. Security Connected aims to integrate non-Intel products and place Intel at the center, although experts worry about complexity.
- April 30, 2015
At an RSA Conference session, attendees learned how WestJet Airlines' Security Architecture Made Simple with software-defined security and automation reduced network turbulence.
- February 17, 2015
In comparing UTM vs. NGFW, organizations find it difficult to see if there are differences between the two products or if it is just marketing semantics.
- February 12, 2015
A new report from FireMon finds that firewalls are still a critical security component, but firewall policy management is a major pain point for admins.
- January 16, 2015
News roundup: Recently discovered firmware flaws highlight the challenges posed by hardware security. Plus: Heartland's breach warranty; RSA's overhaul; and Download.com's app (in)security.
- January 16, 2015
In a sneak preview of its 2015 PCI Compliance Report, Verizon says improper firewall maintenance is among the leading causes of PCI DSS compliance failures.
- November 21, 2014
News roundup: As the industry responds to growing demand for end-to-end Internet encryption, some fear unintended consequences. Plus: Black hats wanted; Windows Phone survives Pwn2Own; webcam spying resurgence.
- November 01, 2014
More than 1,700 voters weighed in and helped us award this year's top security technologies in 22 categories.
- October 03, 2014
News roundup: Palo Alto's next-generation firewall fared poorly in a recent NSS Labs report, leading to a testy back-and-forth about NGFW testing. Plus: Mitnick selling zero days; EMET bypassed, again; iThemes stored plaintext passwords.
- May 23, 2014
When comparing NGFW appliances, experts say that enterprises should focus on products that meet specific needs, not just those with the most features.
- March 28, 2014
The bundle of IOS security patches addresses a total of six denial-of-service vulnerabilities in Cisco's enterprise networking products.
- March 10, 2014
New Cisco CTO Martin Roesch says the Cisco product roadmap for network security will include a robust NGFW using Sourcefire technology.
- March 07, 2014
Cisco Systems has provided a security patch for an authentication vulnerability found in its Wireless N-VPN family of routers and firewall.
- April 16, 2013
SSH Communications Security will offer a free tool for auditing SSH key use within large organizations at next week's Infosecurity Europe conference.
- March 20, 2013
Cisco has issued a security advisory after Hashcat researchers disclosed a password flaw in IOS and IOS XE devices that enable brute-force attacks.
- December 17, 2012
Blue Coat said Crossbeam gives it a platform for its software and also helps bolster its network optimization strategy in high-end data centers.
- November 27, 2012
Hard-coded passwords on some Samsung and Dell printers could enable an attacker to take control of an affected device.
- July 11, 2012
Bloated firewall rules are making security unmanageable and audits a nightmare, according to a survey by firewall management vendor Athena.
- May 14, 2012
Gartner released a report detailing market growth from 2010-2011 throughout the UTM vendor industry.
- April 16, 2012
HP has notified customers that some ProCurve 5400 zl switches were shipped that contained compact flash cards infected with malware.
- March 13, 2012
Dell’s security portfolio expands with purchase of unified threat management and next generation firewall vendor SonicWall from private equity firm.
- November 30, 2011
Researchers at Columbia University have discovered a vulnerability in HP’s LaserJet printers that could allow attackers to gain complete remote control.
- August 03, 2011
Noted researcher Dan Kaminsky presented his latest network security research topics, including vulnerabilities in P2P networks, UPNP and home routers.
- April 12, 2011
NSS Labs Inc., an independent testing firm, has found that some firewalls are failing stability tests and contain a flaw that enables attackers to easily bypass them.
- February 15, 2011
Many network security professionals take the wrong approach when testing their networks, according to one prominent security expert.
- February 14, 2011
Lumension announced the Endpoint Intelligence Center to protect endpoint computers from threats, malware and third-party software vulnerabilities.
- July 28, 2010
While the vendors have released patches, SecureWorks researchers told Black Hat 2010 attendees that many enterprises place too much trust in their security systems and fail to check them for basic vulnerabilities.
- May 04, 2010
Some network administrators fear too many security features can cause bottlenecks, slowing the network or worse, shutting it down altogether.
- June 15, 2009
Tweaking rules could result in disrupting business communications or opening a hole for unauthorized traffic. Firewall management tools ease the burden.
- April 22, 2009
Technologists say security information and event management success depends not on the product, but on the risk and information management program implemented with it. Also, small businesses lack the resources to get much value from SIEM systems.
- March 17, 2009
Microsoft's new gateway lacks policy enforcement integration and does not detect the presence of sensitive data or provide PCI features.
- December 22, 2008
Check Point said its acquisition of Nokia's security business will help it expand its line of security products.
- December 02, 2008
IxDefend from Ixia addresses network device and application flaws by fuzzing them to expose flaws and trigger problems.
- December 01, 2008
Firewall management is critical in today's regulatory climate. Companies looking to streamline firewall management will look to tools from several vendors.
- November 26, 2008
Web application security expert Ryan Barnett would like to see every company use a Web application firewall. But Barnett, director of security at Web application firewall vendor Breach Security Inc., knows that companies need to use more than just ...
- October 20, 2008
McAfee addresses its NAC gaps while customers seek ways to meld network and endpoint security technologies.
- September 29, 2008
Dan Kaminsky, discoverer of a severe DNS vulnerability, says there are a number of complicated systems still vulnerable to attack.
- August 07, 2008
Black Hat: Building on previous research against IOS, Core Security researchers have theoretically shown the plausibility of an IOS rootkit attack.
- June 17, 2008
Fortinet said that IPLocks' vulnerability scanning technology will help it broaden its portfolio beyond application security.
- March 26, 2008
Montego Networks says its HyperSwitch will integrate virtual network policy enforcement and access control into security products from Blue Lane, Catbird, and StillSecure.
- January 10, 2008
As consumers demand more defenses within their IT infrastructure, telecom companies are pushing deeper into the security market. Verizon's new UTM service is an example.
- December 05, 2007
Cisco Systems Inc. is adding role-based access control into its switches to carry role information to every enforcement point in the network.
- October 10, 2007
Several new attack methods against Cisco IOS were uncovered during an analysis conducted by researchers at Information Risk Management.
- September 17, 2007
Firewall vendor NetContinuum was quietly snatched up last month by Barracuda Networks, a vendor looking to capitalize on the growing demand for Web application security tools.
- August 30, 2007
Security flaws in Cisco CallManager and Unified Communications Manager could be exploited for cross-site scripting and SQL injection attacks, but a security update is available.
- March 07, 2007
Sophisticated hackers are finding ways to break into systems by exploiting security flaws in a computer's device drivers, physical memory and PCI cards. As SearchSecurity.com Executive Editor Dennis Fisher explains, while enterprise software vendors...
- November 15, 2006
Fiber optic networks aren't hack-proof: A savvy attacker can crack them with ease.
- July 12, 2006
Secure Computing is buying messaging security vendor CipherTrust for nearly $274 million. The move is intended to strengthen Secure Computing's unified threat management program.
- June 05, 2006
The San Diego Supercomputer Center has had only one compromise in nearly six years, without using a firewall. The SDSC's security manager explains how.
- February 15, 2006
In his RSA Conference keynote address Thursday, Internet Security Systems' CEO Tom Noonan plans to discuss his vision of how multiple layers of security can be integrated to provide tighter protection, reduced costs and regulatory compliance.
- December 02, 2005
Enterprise Configuration Manager's latest iteration features new agents that scan and report on *nix systems and stay abreast of new regulations.
- March 01, 2005
The company warns that remote exposure of sensitive information can result from the flaws that affect its Firewall/VPN and Gateway Security and Nexland Pro800turbo products.
- December 30, 2004
Vulnerabilities discovered in Symantec's Firewall/VPN and Gateway Security products last fall also affect the company's Nexland appliances.
- August 20, 2004
Turnkey, all-in-one appliances offer cost-effective security with less hassle.