NopSec

JULY 28, 2023

July was a busy month for vulnerability research. Good news for blog content, but less so for production networks. Researchers discovered that Adobe ColdFusion is still actively used in production environments and vulnerable to a deserialization vulnerability that results in remote command execution (RCE).

Authentication 52

Authentication Encryption Risk Passwords 52

Security Boulevard

AUGUST 25, 2021

In our previous post , we have mentioned that the Common Weakness Enumeration (CWE) list can be long and daunting to look at when you’re first getting started. What is the CWE Top 25 Most Dangerous Software Weaknesses List? Weaknesses are then ranked based on this overall score. Image by Lawrence Monk from Pixabay.

Software 52

Software Authentication 52

Malwarebytes

APRIL 3, 2023

Researchers at Orca Security disclosed how they found a remote code execution vulnerability in Azure Service Fabric Explorer. The vulnerability was reported to the Microsoft Security Response Center (MSRC) with responsible disclosure and was included by Microsoft in their March 2023 Patch Tuesday round.

Authentication 83

Authentication Risk Cybersecurity 83

Malwarebytes

FEBRUARY 14, 2022

It explains that a critical zero-day vulnerability is actively being exploited in attacks against sites that use these two content management system (CMSs). The vulnerability. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. out of 10.

Firewall 65

Firewall Passwords Malware Software 65

Herjavec Group

NOVEMBER 18, 2021

A strong Vulnerability Management program is essential to a comprehensive and proactive cybersecurity program. It allows organizations to identify potential security gaps including access points that threat actors can leverage to gain entry into corporate networks and then prioritize these vulnerabilities for remediation.

Risk 52

Risk Healthcare Wireless InfoSec 52

eSecurity Planet

SEPTEMBER 8, 2021

A critical vulnerability discovered in the open-source load balancer and proxy server HAProxy could enable bad actors to launch an HTTP Request Smuggling attack, which would let them bypass security controls and gain unauthorized access to sensitive data. The vulnerability has a severity rating of 8.6 on the CVSS scoring system.

Architecture 120

Architecture Firewall Authentication Software 120

BH Consulting

MARCH 2, 2021

When it comes to vulnerability management, the old Donald Rumsfeld quote about ‘known knowns and unknown unknowns’ springs to mind. Unless an organisation understands what its weak points are, how can it strengthen or mitigate them, or accept the risks? Vulnerability volume increases.

Risk 52

Risk Penetration Testing Data breaches Malware 52

Cisco Security

FEBRUARY 3, 2022

We discussed the most significant cyber threats of 2021, what we’re seeing now, and how defenders can best protect their organizations in the year ahead. what happened to gas supplies on the East Coast of the United States. What do we know about the bad actor side of this attack? It was very much an ‘Icarus’ situation.

Ransomware 61

Ransomware Risk Government CISO 61

NopSec

APRIL 7, 2019

Many security companies are adopting it as well, to solve security problems such as intrusion detection, malware analysis, and vulnerability prioritization. Finally, we covered some common challenges encountered when designing machine learning systems, as well as adversarial machine learning in specific. How big is the problem?

Cybersecurity 52

Cybersecurity Data breaches Malware Risk 52

McAfee

JANUARY 5, 2022

And even better, you found your way to ATR’s monthly security digest where we discuss our favorite vulnerabilities of the last 30 days. What is it? . It was revealed in early December that a path traversal vulnerability allowed an attacker to access local files due to an improper sanitization of “./././” What can I do? .

Software 81

Software Network Security Authentication Internet 81

NopSec

JULY 19, 2022

Focused on making a profit, the leadership doesn’t worry excessively about cybersecurity or vulnerability prioritization. And while cybercrime is ramping up, the number of common vulnerabilities and exposures identified each year has been declining — from 6,610 in 2006 to 4,155 in 2011. “We And truthfully, I’m not sure we are.”

Cybersecurity 40

Cybersecurity Risk Cybercrime Software 40

ForAllSecure

APRIL 27, 2023

In this blog post, we’ll explore the shift from DevOps to DevSecOps and discuss some practical tips for your organization when moving from a DevOps to DevSecOps environment. This proactive approach ensures that potential vulnerabilities are identified and addressed as early as possible, reducing the risk of costly breaches or downtime.

Software 52

Software Risk Engineering Architecture 52

ForAllSecure

AUGUST 18, 2020

Earlier this year we uncovered bugs in the GNU libc functions cosl, sinl, sincosl, and tanl due to assumptions in an underlying common function, leading to CVE-2020-10029. This is rather surprising because floating-point is ubiquitous in computer systems. The vulnerability in glibc. We would have lost that bet.

Architecture 52

Architecture 52

ForAllSecure

AUGUST 18, 2020

Earlier this year we uncovered bugs in the glibc functions cosl, sinl, sincosl, and tanl due to assumptions in an underlying common function, leading to CVE-2020-10029. This is rather surprising because floating-point is ubiquitous in computer systems. The vulnerability in glibc. We would have lost that bet.

Architecture 52

Architecture 52

ForAllSecure

AUGUST 18, 2020

Earlier this year we uncovered bugs in the glibc functions cosl, sinl, sincosl, and tanl due to assumptions in an underlying common function, leading to CVE-2020-10029. This is rather surprising because floating-point is ubiquitous in computer systems. The vulnerability in glibc. We would have lost that bet.

Architecture 52

Architecture 52

NopSec

OCTOBER 4, 2022

Securing computer systems is the ultimate big data problem. Here at Nopsec, we use AI/ML to prioritize vulnerabilities allowing security teams to remediate the highest risk vulnerabilities. Here at Nopsec, we use AI/ML to prioritize vulnerabilities allowing security teams to remediate the highest risk vulnerabilities.

Artificial Intelligence 52

Artificial Intelligence Risk Malware Big data 52

NopSec

MAY 17, 2016

However, the term “risk” can be highly subjective, making it difficult for organizations to determine the riskiest vulnerabilities. One quantitative measure NopSec employs to help an organization evaluate the risk of a vulnerability is through malware correlation. What is the CVSS? What is CVSS Used For?

Malware 52

Malware Authentication Risk Media 52

eSecurity Planet

AUGUST 3, 2021

At Black Hat and Def Con this week, SafeBreach security researchers Peleg Hadar and Tomer Bar will demonstrate two new tools developed to automate the discovery of zero-day vulnerabilities. Both announcements highlight the power of automation to increase the efficiency and scope of vulnerability research. End-to-end Hyper-V Fuzzer.

Architecture 104

Architecture Risk Malware Software 104

Malwarebytes

SEPTEMBER 8, 2022

From industry tips and best practices to the latest Malwarebytes product releases and how-tos, our Business newsletter is chock-full with the best of our business blog. At Malwarebytes, we understand that small-and-medium sized businesses find it uniquely difficult to quickly respond to vulnerabilities.

Software 66

Software Risk Data breaches 66

McAfee

NOVEMBER 2, 2021

Regardless of the origins, you’ve arrived at Advanced Threat Research team’s monthly bug digest – an overview of what we believe to be the most noteworthy vulnerabilities over the last month. What is it? What can I do? as it does not patch both vulnerabilities. What is it? Bug 3: Apple iOS CVE-2021-30883.

Marketing 63

Marketing Mobile Phishing Network Security 63

McAfee

SEPTEMBER 17, 2021

There’s a lot of information out there on critical vulnerabilities; this short bug report contains an overview of what we believe to be the most news and noteworthy vulnerabilities. What is it? CVE-2021-40444 is a vulnerability which allows a carefully crafted ActiveX control and a malicious MS Cabinet (.cab)

Social Engineering 73

Social Engineering Engineering Technology Malware 73

NopSec

DECEMBER 31, 2018

At this time of the year, like any other year, the security industry goes back to reflect on itself and foresee future trends in what we call the “New Year predictions”. With this blog post I want to take a different path. And with that, let’s begin with the current state of Vulnerability Management.

System Administration 40

System Administration Risk Accountability Malware 40

ForAllSecure

JANUARY 22, 2023

Having a common framework around vulnerabilities, around threats , helps us understand the infosec landscape better. Adam Shostack has a new book, Threats: What Every Engineer Should Learn From Star Wars. that uses both Star Wars and STRIDE to help engineers under vulnerabilities and threats in software development.

Engineering 40

Engineering Technology Authentication InfoSec 40

Malwarebytes

SEPTEMBER 14, 2022

From industry tips and best practices to the latest Malwarebytes product releases and how-tos, our Business newsletter is chock-full of the best of our business blog. The question for any IT leader then is: What can I prevent, without slowing down my business? Read more: What is endpoint protection? Data is kept separate.

Technology 64

Technology DNS Cyber Insurance Insurance 64