Homeland Security Uncovers VPN Flaw in Cisco, F5, Palo Alto Networks, Pulse Secure

SDxCentral | April 15, 2019

The National Cybersecurity and Communications Integration Center (NCCIC), the Department of Homeland Security’s cybersecurity division, published an alert on Friday highlighting a flaw found in a number of enterprise virtual private network (VPN) products. These products come from four vendors: Cisco, F5 Networks, Palo Alto Networks, and Pulse Secure. The alert followed a disclosure from Carnegie Mellon University’s vulnerability center, the CERT Coordination Center. The researchers who unearthed the flaws warned that it was “likely” that similar flaws exist in additional VPN applications and products.

While companies use VPNs to give their employees secure connections to work applications when working remotely, the vulnerability can instead allow hackers to use those secure connections as an avenue to launch cyberattacks. The vulnerable VPN products store the authentication and/or session cookies insecurely in memory and/or log files. Because these VPNs generate cookies that are stored in plain text, they give attackers access to applications without having to log in.


