ASUS warns of Cyclops Blink malware attacks targeting routers
Multiple ASUS router models are vulnerable to the Russia-linked Cyclops Blink malware threat, causing the vendor to publish an advisory with mitigations for the security risk. [...]
Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.
Search across headline titles and summaries.
Background for this topic.
Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.
Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.
Multiple ASUS router models are vulnerable to the Russia-linked Cyclops Blink malware threat, causing the vendor to publish an advisory with mitigations for the security risk. [...]
Security vendors now have 5 working days to explain to the Competition and Markets Authority why it's wrong The UK Competition and Markets Authority (CMA) merger inquiry into NortonLifeLock's proposed $8bn acquisition of rival antivirus provider Avast has now closed, with the regulator concluding that a tie-up could indeed reduce competition in the marketplace.…
German authorities had urged firms to replace the Russian vendor’s products
QNAP's disclosure this week is the latest reminder of the potentially wide impact of privilege escalation flaw in the Linux kernel.
Security consolidation du jour SentinelOne reached a $616.5m deal to buy identity security vendor Attivo Networks, the companies announced today.…
Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by a high severity Linux vulnerability dubbed 'Dirty Pipe' that allows attackers with local access to gain root privileges. [...]