Search results for: vulnerability

Veristor Systems and Randori join forces to enhance security posture for companies

Veristor Systems and Randori have partnered to help customers tackle growing attack surface risks. Together, the companies will support companies as they work to enhance their security posture with a unified platform for attack surface management (ASM) and continuous automated red teaming (CART). According to a recent Randori survey, seven in 10 organizations have been compromised via an unknown, unmanaged or poorly managed internet-facing asset in the past year. To prepare for this challenge, it … More

CISA

CISA orders federal agencies to regularly perform IT asset discovery, vulnerability enumeration

A new directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) is ordering US federal civilian agencies to perform regular asset discovery and vulnerability enumeration, to better account for and protect the devices that reside on their networks. About the Directive “Over the past several years, CISA has been working urgently to gain greater visibility into risks facing federal civilian networks, a gap made clear by the intrusion campaign targeting SolarWinds devices,” the agency … More

security platform

Pentest People SecurePortal 2.0 enables users to identify vulnerabilities as they appear

Pentest People has made a number of senior appointments to support a range of new managed services. The company has also re-engineered its SecurePortal product to provide customers with continuous, cloud-based vulnerability monitoring and penetration testing as a service (PTaaS). Organizations commission Pentest People’s cybersecurity consultants to test their websites, applications and IT networks for any weaknesses that could allow cybercriminals to steal information, damage systems, or hold data to ransom. Consultants’ manual assessments are … More

ADVA launches network security company to protect mission-critical cloud traffic from cyberattacks

ADVA has launched Adva Network Security, a specialist security company committed to protecting mission-critical communication networks from cyberattacks. The new separate company will complement ADVA’s networking technology portfolio with proven and approved security controls to protect mission-critical connectivity applications. It will develop, produce and integrate encryption technology able to withstand increasingly sophisticated threats. With its own IT infrastructure and secure data center facilities in Germany, Adva Network Security will collaborate with national security organizations to … More

open source security

When transparency is also obscurity: The conundrum that is open-source security

Open-source software (OSS) has a lot of advocates. After all, why would we continuously try and write code that solves problems that others have already solved? Why not share the knowledge and gradually and incrementally improve existing open-source solutions? These egalitarian ideals are arguably central to civilization itself – never mind software – but also contain underlying tensions that have been a challenge for generations. The pros and cons of OSS The challenge of OSS … More

Node.js Foundation

HTTP request smuggling vulnerability in Node.js (CVE-2022-35256)

In this Help Net Security video, Austin Jones, Principal Software Engineer at ThreatX, explains what HTTP request smuggling is, and discusses a recently uncovered HTTP request smuggling vulnerability in Node.js (CVE-2022-35256). This vulnerability allows an attacker to bypass security controls on the target server to conduct any nefarious activities.

malware

Researchers outline the Lazarus APT offensive toolset

ESET researchers uncovered and analyzed a set of malicious tools that were used by the Lazarus APT group in attacks during the end of 2021. The campaign started with spear phishing emails containing malicious Amazon-themed documents, and it targeted an employee of an aerospace company in the Netherlands and a political journalist in Belgium. The primary goal of the attackers was data exfiltration. Amazon-themed document sent to the target in the Netherlands. Source: ESET Both … More

malware

Detecting fileless malware infections is becoming easier

For some analysts, memory analysis is only an optional step in cybersecurity investigations. Their reasons are simple. One: Handling memory and volatile data is a complex endeavor, made more difficult by legacy tools. Two: The average analyst is a highly educated individual but is generally not an expert in memory architecture. That knowledge is often reserved for systems engineers. And three: The few analysts who do possess that expertise are writing code or concentrate on … More

week in review

Week in review: MS Exchange zero-days exploited, AD attack paths, developing secure APIs

SpyCast: Cross-platform mDNS enumeration tool SpyCast is a cross-platform mDNS enumeration tool that can work either in active mode by recursively querying services or in passive mode by only listening to multicast packets. Attackers use novel technique, malware to compromise hypervisors and virtual machines Unknown attackers wielding novel specialized malware have managed to compromise VMware ESXi hypervisors and guest Linux and Windows virtual machines, Mandiant threat analysts have discovered. To encrypt or to destroy? Ransomware … More

vmware

Attackers use novel technique, malware to compromise hypervisors and virtual machines

Unknown attackers wielding novel specialized malware have managed to compromise VMware ESXi hypervisors and guest Linux and Windows virtual machines, Mandiant threat analysts have discovered. They named the malware VirtualPITA (ESXi & Linux), VirtualPIE (ESXi), and VirtualGATE (Windows), and shared detection and hardening advice. The malware and techniques used by the attackers VirtualPITA and VirtualPIE are backdoors, which the attackers deliver by using malicious vSphere Installation Bundles (VIBs). VirtualGATE is a utility program that incorporates … More

Microsoft Exchange

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)

Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” About the vulnerabilities (CVE-2022-41040, CVE-2022-41082) CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability and CVE-2022-41082 allows remote code execution when PowerShell … More

Cybeats partners with Veracode to help customers manage SBOM and software vulnerabilities

Cybeats Technologies and Veracode partnership will leverage complementary expertise to ensure customers receive the highest standard of cybersecurity solutions. Cybeats’ software supply chain security product, SBOM Studio, will be available to customers through Veracode Partners, and the companies will explore joint commercial opportunities. Once generated within the Veracode Continuous Software Security Platform, a Software Bill of Materials (SBOM) can enable greater software security by offering a full inventory of the third-party components used within an … More