%term

CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

Jan 23, 2025 By Julian Tuin In Arctic Wolf

On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is a pre-authentication deserialization of untrusted data vulnerability that has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). If exploited, it could allow unauthenticated remote threat actors to execute arbitrary OS commands.

Read Post

Arctic Wolf

Read more about CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

Using Data Pipelines for Security Telemetry

Jan 23, 2025 By Jeff Darrington In Graylog

It’s a warm, sunny day as you lie in the sand under a big umbrella. Suddenly, you feel the waves crashing against your feet, only to look down and see numbers, letters, usernames, and timestamps. You try to stand up, but you feel the tide of big data pulling you under… With a jolt, you wake up, realizing that you were having another nightmare about your security Data Lake and analytics.

Read Post

Graylog

Read more about Using Data Pipelines for Security Telemetry

Reviving DevSecOps: How Snyk's new framework builds trust and collaboration

Jan 23, 2025 By Ben Desjardins In Snyk

It’s been over a decade since DevSecOps was introduced as a transformative approach to software development, but adoption remains uneven. Despite its promise of seamless integration between development, security, and operations, only 38% of organizations report fully automating the addition of new projects, branches, or repositories into their security testing queues.

Read Post

Snyk

Read more about Reviving DevSecOps: How Snyk's new framework builds trust and collaboration

The 8 Types of Penetration Testing: When You Need Them and How Often to Test

Jan 23, 2025 By Alton Johnson In Vonahi Security

Penetration testing (aka pentesting or ethical hacking) might sound intense—and honestly, it is—but think of it as your digital stress test. Ethical hackers mimic real cyberattacks on your systems to find weak spots before the bad guys do. The coolest part? Pen tests come in different flavors, each targeting specific risks. So, how do you know when it’s time for a pentest? How often should you schedule them? And which one is right for your business?

Read Post

Vonahi Security

Read more about The 8 Types of Penetration Testing: When You Need Them and How Often to Test

Harnessing Cyber Risk Modeling to Navigate Modern Business Threats

Jan 23, 2025 By Kovrr In Kovrr

‍Embracing cyber risk management during a time in which the average cost of a data breach nearly surpasses $5 million is not merely a strategic option; it’s an absolute imperative. ‍ This calculated move, however, is not as straightforward as deploying an end-point detection solution, for example, or conducting monthly cybersecurity awareness sessions.

Read Post

Kovrr

Read more about Harnessing Cyber Risk Modeling to Navigate Modern Business Threats

One Identity Active Roles: Fortify your identity security journey

Jan 23, 2025 By One Identity In One Identity

Configure user lifecycle management processes with Active Directory management solutions that can streamline later implementation projects and supplement IGA.

View Video

One Identity

Read more about One Identity Active Roles: Fortify your identity security journey

BreachForums Admin To Be Re-Sentenced After Violating Conditions Of His Release

Jan 23, 2025 By ImmuniWeb Cybersecurity Blog In ImmuniWeb

Read also: Europol’s largest-ever operation seizes millions in criminal assets, Italian teen arrested for hacking, and more.

Read Post

ImmuniWeb

Read more about BreachForums Admin To Be Re-Sentenced After Violating Conditions Of His Release

CAF-aligned DSPT FAQs for NHS and Healthcare Organisations (2024-2025 and beyond)

Jan 23, 2025 By Harman Singh In Cyphere

Show your customers and supply chain you can manage application risks with secure coding practices. Assess yours before it’s too late. Box-ticking approach to penetration tests is long gone. We help you identify, analyse and remediate vulnerabilities so you don’t see the same pentest report next time.

Read Post

Cyphere

Read more about CAF-aligned DSPT FAQs for NHS and Healthcare Organisations (2024-2025 and beyond)

#188 - The MSSP Alert 2024 Pricing Benchmark Report with Sharon Florentine from CyberRisk Alliance

Jan 23, 2025 By LimaCharlie In LimaCharlie

On this episode of The Cybersecurity Defenders Podcast we speak with Sharon Florentine, Senior Managing Editor at CyberRisk Alliance, about the MSSP Alert 2024 Pricing Benchmark Report. Sharon is a master technology storyteller and editor with over two decades of experience in shaping the way we understand and engage with technology. Sharon's career spans an impressive range of platforms, from books and print magazines to podcasts, live events, and digital media. She's covered everything from AI and cybersecurity to career development and diversity in tech.

View Video

LimaCharlie

Read more about #188 - The MSSP Alert 2024 Pricing Benchmark Report with Sharon Florentine from CyberRisk Alliance

AI: The Cybersecurity Revolution or Apocalypse? Interview with Steve Wilson at DAVOS 2025

Jan 23, 2025 By Exabeam In Exabeam

AI is reshaping both innovation and cybercrime, with attackers leveraging its power to outpace traditional defenses. As cybercrime costs surge, organizations must adopt strategies to bridge the cybersecurity skills gap and adopt AI to stay ahead.

View Video