Security Affairs

JULY 9, 2020

Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced. Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami. We hope that the engine can help other organizations protect their users’ data.

Engineering 138

Engineering Advertising Authentication Passwords 138

Tech Republic Security

SEPTEMBER 30, 2021

If you're looking for one of the best vulnerability scanners on the market, Nessus might be the ticket. Jack Wallen shows you how to install this platform on Rocky Linux.

Marketing 125

Marketing 125

Dark Reading

DECEMBER 13, 2022

OSV-Scanner generates a list of dependencies in a project and checks the OSV database for known vulnerabilities, Google says.

70

70

Security Boulevard

FEBRUARY 15, 2022

Log4j CVE-2021-44228 Since its discovery, much has already been said about the vulnerability discovered within the Log4j logging framework, CVE-2021-44228. The post Detecting Automated Vulnerability Scanners: Log4j Zero-Day Vulnerability Case Study appeared first on Security Boulevard.

Risk 98

Risk Cybersecurity 98

NopSec

MARCH 14, 2023

Under the umbrella of risked-based vulnerability management (RBVM) live a host of tools who’s applications correspond to various stages of the vulnerability management lifecycle. Vulnerability assessment scanners discover the vulnerabilities in your environment.

Risk 40

Risk Cyber Risk Technology Marketing 40

Dark Reading

OCTOBER 26, 2022

Majority of vulnerability scanner tools overwhelming teams with false positives and missing exploitable vulnerabilities.

47

47

Penetration Testing

DECEMBER 20, 2022

OSV-Scanner Use OSV-Scanner to find existing vulnerabilities affecting your project’s dependencies. OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them. Since... The post osv-scanner v1.5

Penetration Testing 40

Penetration Testing 40

Penetration Testing

MARCH 28, 2023

Artemis A modular web reconnaissance tool and vulnerability scanner based on Karton. releases: modular web reconnaissance tool and vulnerability scanner appeared first on Penetration Testing.

Penetration Testing 40

Penetration Testing Passwords 40

Penetration Testing

NOVEMBER 3, 2021

Web Cache Vulnerability Scanner Web Cache Vulnerability Scanner (WCVS) is a fast and versatile CLI scanner for web cache poisoning developed by Hackmanit. The scanner supports many different web cache poisoning techniques, includes a crawler to identify... The post Web Cache Vulnerability Scanner v1.1.1

Penetration Testing 40

Penetration Testing 40

Penetration Testing

APRIL 26, 2024

pphack pphack is a CLI tool for scanning websites for client-side prototype pollution vulnerabilities.

Penetration Testing 134

Penetration Testing 134

Bleeping Computer

MARCH 8, 2023

Both penetration testing and vulnerability scanning are essential to upholding and maintaining a strong security posture. Here are the benefits of combining both to maximize coverage and your web application security. [.]

Penetration Testing 82

Penetration Testing 82

eSecurity Planet

SEPTEMBER 24, 2019

PortSwigger Web Security's Burp is a top-rated web vulnerability scanner used in many organizations and is found in most penetration testing toolkits.

Penetration Testing 48

Penetration Testing 48

Security Affairs

MARCH 18, 2024

A critical vulnerability in WordPress miniOrange’s Malware Scanner and Web Application Firewall plugins can allow site takeover. The researchers at the Wordfence Threat Intelligence team also identified the same vulnerability in miniOrange’s Web Application Firewall plugin that has more than 300+ active installations.

Firewall 97

Firewall Malware Passwords Hacking 97

SecurityTrails

NOVEMBER 8, 2021

Learn how to install Uniscan, and how to perform LFI, RFI, and RCE vulnerability scanning easily from Kali Linux.

145

145

The Hacker News

DECEMBER 23, 2021

on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache's Log4j software library by nefarious adversaries. These vulnerabilities, especially Log4Shell, are severe," the intelligence agencies said in the new guidance. and the U.K. Sophisticated cyber threat actors

Cyber threats 116

Cyber threats Software Cybersecurity 116

The Hacker News

DECEMBER 26, 2023

Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks.

Cryptocurrency 95

Cryptocurrency DDOS Accountability 95

Tech Republic Security

OCTOBER 7, 2021

Vulnerability scanners are not enough, according to an expert who champions an all-encompassing holistic approach to vulnerability management as a means to eliminate surprises.

166

166

Bleeping Computer

FEBRUARY 15, 2024

In this article, Outpost24 explains three key limitations of automated vulnerability scanners, emphasizing the significance of manual pen testing in enhancing security. [.]

72

72

Penetration Testing

JULY 24, 2019

Brakeman Brakeman is an open-source static analysis tool that checks Ruby on Rails applications for security vulnerabilities. released: A static analysis security vulnerability scanner for Ruby on Rails applications appeared first on Penetration Testing.

Penetration Testing 40

Penetration Testing 40

CyberSecurity Insiders

NOVEMBER 19, 2022

Researchers at Cyber Security Works, Ivanti, and Cyware identify new vulnerabilities, blindspots in popular network scanners, and emerging Advanced Persistent Threat (APT) groups in a joint ransomware report. The total number of ransomware vulnerabilities out there has climbed to 323. New vulnerabilities, new threat actors.

Ransomware 143

Ransomware Government Healthcare Manufacturing 143

Veracode Security

JANUARY 8, 2024

In this blog, we will explore vulnerabilities in JavaScript, best practices to secure your code, and tools to prevent attacks. Understanding JavaScript Vulnerabilities This article explores the common vulnerabilities related to JavaScript security and provides best practices to secure your code.

Risk 105

Risk 105

InfoWorld on Security

MARCH 20, 2024

GitHub is previewing code scanning autofix, a feature that combines its GitHub Copilot AI assistant with its CodeQL code scanner to provide suggested fixes to discovered vulnerabilities. Launched March 20 , code scanning autofix makes vulnerability fixes available right away as a developer is coding, GitHub said.

81

81

The Hacker News

DECEMBER 13, 2022

Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects.

Engineering 89

Engineering Software 89

Dark Reading

DECEMBER 22, 2021

The open-sourced scanner was derived from scanners built by members across the open source community, CISA reports.

65

65

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Firmware 119

Firmware Authentication Engineering Hacking 119

Security Affairs

DECEMBER 22, 2021

US CISA release of a scanner for identifying web services affected by two Apache Log4j remote code execution vulnerabilities. We published an open-sourced log4j-scanner derived from scanners created by other members of the open-source community. Supports DNS callback for vulnerability discovery and validation.

DNS 113

DNS Firewall Cybersecurity Cyber threats 113

Pen Test

NOVEMBER 7, 2023

TLDR; Upgrade Confluence to a patched version and employ the open-source security scanner n0s1 to proactively address potential secret leaks. Why do I need a secret scanner? Both the vendor (Atlassian) and the US government have issued warnings regarding active exploitation of this vulnerability by nation-state actors.

Passwords 115

Passwords Software Engineering Government 115

Bleeping Computer

AUGUST 15, 2023

Mandiant has released a scanner to check if a Citrix NetScaler Application Delivery Controller (ADC) or NetScaler Gateway Appliance was compromised in widespread attacks exploiting the CVE-2023-3519 vulnerability. [.]

Hacking 81

Hacking Software 81

Security Affairs

APRIL 7, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 104

Data breaches Small Business Hacking Malware 104

Bleeping Computer

DECEMBER 13, 2022

Google has launched OSV Scanner, a new tool that allows developers to scan for vulnerabilities in open-source software dependencies used in their project. [.].

Software 96

Software 96

eSecurity Planet

JULY 7, 2023

Vulnerability scanning is critically important for identifying security flaws in hardware and software, but vulnerability scanning types are as varied as the IT environments they’re designed to protect. Agent-Server: The scanner installs agent software on the target host in an agent-server architecture.

Software 75

Software Authentication Risk Internet 75

NopSec

SEPTEMBER 13, 2013

It not only has the capability to perform native scans on a wide variety of assets (external, internal, configuration, web application, wireless and more to come) but it also has the flexibility to import scan results from external scanners. The post Importing Vulnerability Scanner Results into Unified VRM appeared first on NopSec.

Artificial Intelligence 40

Artificial Intelligence Wireless Architecture Technology 40

eSecurity Planet

APRIL 15, 2022

Unlike penetration tests , vulnerability tests do not consist of performing real attacks. However, they’re no less valuable, as they can spot vulnerabilities missed by a penetration test and provide a baseline for comparison. In addition, vulnerability tests allow IT teams to identify weaknesses before they become an actual problem.

Penetration Testing 117

Penetration Testing Wireless Software Risk 117

Adam Levin

DECEMBER 9, 2020

FireEye’s breach disclosed that the threat actors behind the attack had acquired “scripts, tools, scanners, and techniques” used by FireEye security experts to simulate data breaches and cyberattacks. None of the hacking tools exploited “zero day” vulnerabilities. The hacking toolkit used by FireEye’s “Red Team” was compromised.

Data breaches 190

Data breaches Hacking Government Software 190

Google Security

APRIL 13, 2023

Posted by Julie Qiu, Go Security & Reliability and Oliver Chang, Google Open Source Security Team High profile open source vulnerabilities have made it clear that securing the supply chains underpinning modern software is an urgent, yet enormous, undertaking. All vulnerability database entries are reviewed and curated by the Go security team.

Software 87

Software Architecture Engineering Risk 87

CyberSecurity Insiders

MARCH 9, 2023

Traditional vulnerability management is in need of a desperate change due to the lack of effectiveness in combating modern cyberattacks. Putting the monetary effect aside, a successful cyberattack from ineffective vulnerability management can fatally hit an organization’s reputation.

Risk 138

Risk Software Technology Cybersecurity 138

Dark Reading

NOVEMBER 2, 2021

Tenable added Raspberry Pi support to Nessus v10.0 to help security professionals conduct audits and assessments remotely.

57

57