Search results for: vulnerability

Sysdig partners with VulnDB to strengthen vulnerability intelligence reporting

Sysdig announced the addition of VulnDB as a third-party vulnerability source. VulnDB, from Risk Based Security, is a comprehensive, timely, and actionable source of vulnerability intelligence. With this partnership, the Sysdig Secure DevOps Platform extends its image scanning capabilities to provide richer findings around vulnerabilities in third-party libraries and dependencies. Combined with the wide range of vulnerability databases the Sysdig platform checks against, the comprehensive data from VulnDB enables organizations to more effectively identify, track, … More


Vulnerability reporting is returning to normal

Vulnerability reporting, still impacted by COVID-19, is beginning to return to normal, Risk Based Security reveals. Out of 11,121 vulnerabilities aggregated during the first half of 2020, 818 were the result of the Vulnerability Fujiwhara Effect, a term that describes the events when Microsoft and Oracle vulnerability disclosure schedules collide. “Risk Based Security sounded the alarm back in January. We knew that these events would undoubtedly become a significant strain for IT staff and Vulnerability … More

Lacework platform now features Active Host Vulnerability Monitoring and CI/CD integrations

Lacework announced that in the midst of a period of rapid adoption by developers of born-in-the-cloud applications, it will introduce Active Host Vulnerability Monitoring, pre-flight checks, and CI/CD automation workflows to its comprehensive SaaS security offering. Customers scaling services in the cloud will now have the telemetry to know what to fix in just three clicks without having to reference multiple tools as they safely build and innovate at speed. Lacework was built from the … More

20,000+ new vulnerability reports predicted for 2020, shattering previous records

Over 9,000 new vulnerabilities have been reported in the first six months of 2020, and we are on track to see more than 20,000 new vulnerability reports this year — a new record, Skybox Security reveals.

Reshaping the way that people work

50% increase in mobile vulnerabilities highlights dangers of blurring line between corporate and personal networks

Ransomware thrives during COVID-19 pandemic, with new samples increasing by 72%

Attacks on critical infrastructure, including healthcare companies … More

RiskSense platform now provides visibility across both infrastructure and application vulnerability risk

RiskSense announced a new version of the cloud-delivered RiskSense platform that harmonizes threat analysis, prioritization and risk scoring across network-based assets as well as applications. Unlike competitive approaches which provide separate views of infrastructure and application vulnerabilities, RiskSense automatically calculates risk across CVEs and CWEs for a full-spectrum view. “RiskSense helps organizations rapidly reduce risk and provides a new understanding of how applications and their vulnerabilities affect the entire attack surface,” said Dr. Srinivas Mukkamala, … More

Vulcan Cyber now offers customizable vulnerability prioritization for efficient vulnerability remediation

Vulcan Cyber, developers of the industry’s only end-to-end vulnerability remediation platform, announced customers can now add custom risk parameters to existing Vulcan Cyber vulnerability prioritization algorithms for efficient vulnerability remediation. With the addition of custom risk scripts, Vulcan Cyber is first to help security and IT operations teams run more-targeted, end-to-end vulnerability remediation campaigns contextualized to the risk appetite of their business. Traditional approaches to vulnerability risk prioritization focus on inputs such as CVSS severity … More

Semperis adds vulnerability assessment, security reporting, and auto-remediation to its DSP

Semperis announced new vulnerability assessment, security reporting, and auto-remediation capabilities in the latest release of Directory Services Protector (DSP), the industry’s most comprehensive Active Directory threat detection and response platform. Semperis DSP v3.0 is the first-of-its-kind to address the entire lifecycle of a directory cyberattack – from monitoring pre-attack indicators of exposure, to analyzing post-attack forensics, and everything in-between – all integrated into a single console. “Over twenty years later, Active Directory is still the … More


Guide: How to assess your email vulnerability for free in 20 minutes

This guide is no longer available. Attacks delivered via email are extremely common and the fact is that many popular security solutions are just not handling these attacks well enough, missing 20-40% of the new attacks emerging every day. What makes this issue even more urgent is that attacks are constantly evolving and evading security solutions. It’s therefore critical to constantly assess your security posture. Assessing your email vulnerability is a critical step in evaluating … More

Acunetix adds Business Logic Recorder to enable deeper vulnerability scanning of web apps

Acunetix has incorporated a brand new feature, the Business Logic Recorder (BLR), into the product. The Business Logic Recorder is a unique Acunetix feature that is designed to enable effective testing of particular scenarios, especially multi-step web forms, which would otherwise make it impossible for a scanner to reach all areas of a web application. Web applications process user input data in the background but an automated scanner cannot recognize the meaning of this data. … More

Running ConnectWise Automate on-prem? Fix this high-risk API vulnerability

ConnectWise has fixed a high-severity vulnerability affecting a ConnectWise Automate API and is urging users who run the solution on their premises to implement the provided hotfixes.

About ConnectWise Automate and the vulnerability

ConnectWise is a provider of business automation solutions for managed services providers (MSPs) and IT solution providers. ConnectWise Automate is a software suite IT support technicians use to remotely monitor and manage customers’ assets (servers and workstations). “A remote authenticated user could … More


UPnP vulnerability lets attackers steal data, scan internal networks

A vulnerability (CVE-2020-12695) in Universal Plug and Play (UPnP), which is implemented in billions of networked and IoT devices – personal computers, printers, mobile devices, routers, gaming consoles, Wi-Fi access points, and so on – may allow unauthenticated, remote attackers to exfiltrate data, scan internal networks or make the devices participate in DDoS attacks.


The importance of effective vulnerability remediation prioritization

Too many organizations have yet to find a good formula for prioritizing which vulnerabilities should be remediated immediately and which can wait. According to the results of recent Tenable research aimed at discovering why some flaws go unpatched for months and years, vulnerabilities with exploits show roughly the same persistence as those with no available exploit. “Defenders are still operating as though all vulnerabilities have the same likelihood of exploitation,” says Lamine Aouad, Staff … More