Top trends in security testing and vulnerability management

Many businesses fail to conduct frequent security testing despite believing that it is critically important to securing their systems and data. One in five businesses surveyed admitted they do no security testing at all, even though 95 percent of respondents reported encountering at least one of the dozen common security issues associated with security vulnerabilities. The findings are based on an Osterman Research survey of 126 security professionals who have knowledge about or responsibility for …

Key elements for successfully prioritizing vulnerability remediation

New vulnerabilities are disclosed every day, amounting to thousands per year. Naturally, not all vulnerabilities are created equal. In this podcast recorded at Black Hat USA 2016, Tim White, Director of Product Management at Qualys, talks about Qualys ThreatPROTECT, a cloud-based solution that helps IT professionals automatically prioritize the vulnerabilities that pose the greatest risk to their organization. How? By correlating active threats against your vulnerabilities.

Live Threat Intelligence Feed

ThreatPROTECT also includes a Live …

ThreadFix: Software vulnerability aggregation and management system

ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems.

A view of the application portfolio

Application security programs tend to involve a number of technologies and activities, and application security teams struggle to manage these testing activities and all the data they generate. “We built ThreadFix so that application security teams can create a consolidated view of their applications …
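The two items above describe the same workflow from different angles: ThreatPROTECT correlating active threats against scan results, and ThreadFix consolidating findings from several tools into one view. The Python below is an added example of that workflow written for this page; it is not Qualys or ThreadFix code. It takes two constructed scanner exports with hypothetical field names, normalizes them into one schema, merges duplicate findings, and ranks each one by CVSS, a constructed in-the-wild exploitation feed, and a constructed asset-criticality table.

```python
"""Consolidate findings from two scanners, merge duplicates, and rank them by
correlating with a threat feed. Added example with constructed data; not
Qualys ThreatPROTECT or ThreadFix code."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlparse

# Constructed sample exports, loosely shaped like what a network scanner and a
# web application scanner emit. Field names are hypothetical, not a vendor schema.
NETWORK_SCAN = [
    {"host": "10.0.0.5", "cve": "CVE-2014-0160", "cvss": 7.5, "title": "OpenSSL Heartbleed"},
    {"host": "10.0.0.5", "cve": "CVE-2014-6271", "cvss": 9.8, "title": "Bash Shellshock"},
    {"host": "10.0.0.9", "cve": "CVE-2015-1635", "cvss": 9.8, "title": "HTTP.sys remote code execution"},
]
WEB_SCAN = [
    {"url": "https://10.0.0.5/cgi-bin/status", "cve": "CVE-2014-6271", "cwe": 78,
     "severity": "High", "title": "Shellshock via CGI"},
    {"url": "https://10.0.0.5/login", "cve": None, "cwe": 89,
     "severity": "High", "title": "SQL injection"},
    {"url": "https://10.0.0.9/", "cve": None, "cwe": 79,
     "severity": "Medium", "title": "Reflected XSS"},
]
# Constructed threat feed: CVEs currently seen exploited in the wild.
ACTIVE_EXPLOITS: Set[str] = {"CVE-2014-6271", "CVE-2014-0160"}
# Constructed asset inventory: business criticality per host, 1 (low) to 3 (high).
ASSET_CRITICALITY: Dict[str, int] = {"10.0.0.5": 3, "10.0.0.9": 1}
# Web scanners often report a label rather than a CVSS score; map it to a number.
SEVERITY_TO_CVSS = {"Critical": 9.5, "High": 7.5, "Medium": 5.0, "Low": 2.5}


@dataclass
class Finding:
    asset: str
    title: str
    cvss: float
    cve: Optional[str] = None
    cwe: Optional[int] = None
    sources: Set[str] = field(default_factory=set)

    def key(self) -> Tuple:
        """Identity for deduplication: a CVE names the weakness unambiguously;
        without one, fall back to CWE plus title so the same injection reported
        by two tools collapses into one row."""
        if self.cve:
            return (self.asset, self.cve)
        return (self.asset, self.cwe, self.title.lower())


def normalize(network: List[dict], web: List[dict]) -> List[Finding]:
    """Map both export formats onto the common Finding schema."""
    findings: List[Finding] = []
    for row in network:
        findings.append(Finding(row["host"], row["title"], row["cvss"],
                                cve=row.get("cve"), sources={"network"}))
    for row in web:
        host = urlparse(row["url"]).hostname or row["url"]
        findings.append(Finding(host, row["title"], SEVERITY_TO_CVSS[row["severity"]],
                                cve=row.get("cve"), cwe=row.get("cwe"), sources={"web"}))
    return findings


def dedupe(findings: List[Finding]) -> List[Finding]:
    """Merge rows with the same key, keeping the higher score and every source."""
    merged: Dict[Tuple, Finding] = {}
    for f in findings:
        k = f.key()
        if k in merged:
            merged[k].cvss = max(merged[k].cvss, f.cvss)
            merged[k].sources |= f.sources
        else:
            merged[k] = f
    return list(merged.values())


def priority(f: Finding) -> float:
    """CVSS, raised for active exploitation, then scaled by asset criticality.
    The weights are illustrative choices, not a standard."""
    score = f.cvss
    if f.cve in ACTIVE_EXPLOITS:
        score += 3.0  # evidence of exploitation outranks raw severity
    score *= 1 + 0.25 * (ASSET_CRITICALITY.get(f.asset, 2) - 1)  # 1.0x to 1.5x
    return round(score, 2)


def prioritize(network: List[dict] = NETWORK_SCAN,
               web: List[dict] = WEB_SCAN) -> List[Tuple[str, str, float]]:
    """Return (asset, cve-or-title, priority) tuples, highest priority first."""
    ranked = sorted(dedupe(normalize(network, web)), key=priority, reverse=True)
    return [(f.asset, f.cve or f.title, priority(f)) for f in ranked]


if __name__ == "__main__":
    for asset, ident, score in prioritize():
        print(f"{score:6.2f}  {asset:10}  {ident}")
```

The ranking shows why the correlation matters: the CVSS 9.8 HTTP.sys flaw, with no known exploitation and sitting on a low-value host, ends up below the exploited CVSS 7.5 Heartbleed finding and even below the unexploited SQL injection on the critical host. Shellshock, reported by both scanners, appears once with both tools listed as its sources. The weights (+3.0 for active exploitation, up to 1.5x for criticality) are assumptions chosen for this example.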

Faraday: Collaborative pen test and vulnerability management platform

Faraday is an integrated multi-user penetration testing environment that maps and leverages all the knowledge you generate in real time. It gives CISOs a better overview of their team's work, tools and results. It runs on Windows, Linux and OS X. The main purpose of Faraday is to reuse the tools already available in the community and make them usable in a multi-user way. Faraday supports more than 50 tools, including Burp Suite, …

Chrome vulnerability lets attackers steal movies from streaming services

Researchers from the Ben-Gurion University of the Negev Cyber Security Research Center (CSRC), in collaboration with a security researcher from Telekom Innovation Laboratories in Berlin, Germany, have discovered a significant security vulnerability in the Google technology that is supposed to protect videos streamed via Google Chrome. The video below shows how easily content can be stolen from a protected video. The vulnerability in the encryption technology, Widevine EME/CDM, opens an easy way for attackers …

Week in review: Docker security, SWIFT warns of new attacks, SAP vulnerability exploited

Here’s an overview of some of last week’s most interesting news and articles:

SWIFT warns of new attacks, Bangladesh Bank heist linked to Sony hack
SWIFT believes that its customers are facing “a highly adaptive campaign targeting banks’ payment endpoints.”

Internet of Fail: How modern devices expose our lives
During the past few years we’ve seen examples of all sorts of IoT devices exhibiting glitches, getting hacked, being manipulated, and having the information they hold exfiltrated.

CryptXXX …

Vulnerability management trends in Asia Pacific

A new study conducted by Forrester Consulting evaluated the perceived challenges, drivers and benefits of various vulnerability management strategies and investments, based on responses from information security professionals in Australia, China, Japan, New Zealand and Singapore. According to the survey results, one of the top security priorities of companies is protecting customer data, with a focus on application security, data security and protection of customers’ personal information. Despite their customer focus, only 22 percent of security decision …

SAP vulnerability exploited to compromise enterprises worldwide

An SAP vulnerability patched over five years ago is being leveraged to compromise the SAP systems of many large global enterprises, US-CERT warns. At least 36 organizations in the US, the UK, Germany, China, India, Japan, and South Korea, spanning a number of industries, have had their SAP business applications compromised via this flaw, says SAP security company Onapsis. The company’s researchers have discovered that the exploitation of this flaw and the compromises of those organizations …

Facebook vulnerability allowed access to personal and payment information

Bitdefender has discovered a significant vulnerability in Facebook that allowed access to any user account through simple social login manipulation. The attacker was able to gain access to personal user information, a contacts list for potential malware distribution, and payment information, allowing purchases to be made in the user’s name.

Attack vector

The attack vector in this case, social logins, is an alternative to traditional authentication. This form of access offers users …

Microsoft plugs online services account hijacking vulnerability

London-based security researcher and bug hunter Jack Whitton has discovered a serious cross-site request forgery flaw affecting Microsoft’s authentication system for online services. Successful exploitation of the vulnerability could allow attackers to collect users’ login tokens and use them to impersonate those users on Microsoft’s services, but the good news is that the Redmond giant plugged the hole only two days after learning about it. “Microsoft, being a huge company, have …