Search results for: vulnerability
Over 9,000 new vulnerabilities have been reported in the first six months of 2020, and we are on track to see more than 20,000 new vulnerability reports this year — a new record, Skybox Security reveals. Reshaping the way that people work 50% increase in mobile vulnerabilities highlights dangers of blurring line between corporate and personal networks Ransomware thrives during COVID-19 pandemic, with new samples increasing by 72% Attacks on critical infrastructure, including healthcare companies … More →
RiskSense announced a new version of the cloud-delivered RiskSense platform that harmonizes threat analysis, prioritization and risk scoring across network-based assets as well as applications. Unlike competitive approaches which provide separate views of infrastructure and application vulnerabilities, RiskSense automatically calculates risk across CVEs and CWEs for a full-spectrum view. “RiskSense helps organizations rapidly reduce risk and provides a new understanding of how applications and their vulnerabilities affect the entire attack surface,” said Dr. Srinivas Mukkamala, … More →
Vulcan Cyber, developers of the industry’s only end-to-end vulnerability remediation platform, announced customers can now add custom risk parameters to existing Vulcan Cyber vulnerability prioritization algorithms for efficient vulnerability remediation. With the addition of custom risk scripts Vulcan Cyber is first to help security and IT operations teams run more-targeted, end-to-end vulnerability remediation campaigns contextualized to the risk appetite of their business. Traditional approaches to vulnerability risk prioritization focus on inputs such as CVSS severity … More →
Semperis announced new vulnerability assessment, security reporting, and auto-remediation capabilities in the latest release of Directory Services Protector (DSP), the industry’s most comprehensive Active Directory threat detection and response platform. Semperis DSP v3.0 is the first-of-its-kind to address the entire lifecycle of a directory cyberattack – from monitoring pre-attack indicators of exposure, to analyzing post-attack forensics, and everything in-between – all integrated into a single console. “Over twenty years later, Active Directory is still the … More →
Attacks delivered via email are extremely common and the fact is that many popular security solutions are just not handling these attacks well enough, missing 20-40% of the new attacks emerging every day. What makes this issue even more urgent is that attacks are constantly evolving and evading security solutions. It’s therefore critical to constantly assess your security posture. Assessing your email vulnerability is a critical step in evaluating your overall security posture. With the … More →
Acunetix has incorporated a brand new feature, the Business Logic Recorder (BLR), into the product. The Business Logic Recorder is a unique Acunetix feature that is designed to enable effective testing of particular scenarios, especially multi-step web forms, which would otherwise make it impossible for a scanner to reach all areas of a web application. Web applications process user input data in the background but an automated scanner cannot recognize the meaning of this data. … More →
ConnectWise has fixed a high-severity vulnerability affecting a ConnectWise Automate API and is urging users who run the solution on their premises to implement the provided hotfixes. About ConnectWise Automate and the vulnerability ConnectWise is a provider of business automation solutions for managed services providers (MSPs) and IT solution providers. ConnectWise Automate is a software suite IT support technicians use to remotely monitor and manage customers’ assets (servers and workstations). “A remote authenticated user could … More →
A vulnerability (CVE-2020-12695) in Universal Plug and Play (UPnP), which is implemented in billions of networked and IoT devices – personal computers, printers, mobile devices, routers, gaming consoles, Wi-Fi access points, and so on – may allow unauthenticated, remote attackers to exfiltrate data, scan internal networks or make the devices participate in DDoS attacks.
Too many organizations have yet to find a good formula for prioritizing which vulnerabilities should be remediated immediately and which can wait. According to the results of a recent Tenable research aimed at discovering why some flaws go unpatched for months and years, vulnerabilities with exploits show roughly the same persistence as those with no available exploit. “Defenders are still operating as though all vulnerabilities have the same likelihood of exploitation,” says Lamine Aouad, Staff … More →
A code injection vulnerability (CVE-2020-3956) affecting VMware vCloud Director could be exploited to take over the infrastructure of cloud services, Citadelo researchers have discovered. About VMware vCloud Director and CVE-2020-3956 VMware Cloud Director (formerly known as vCloud Director) is a cloud service delivery platform used by public and private cloud providers to operate and manage cloud infrastructure. CVE-2020-3956 was discovered by Citadelo penetration testers during a security audit of a customer’s VMWare Cloud Director-based cloud … More →
The number of vulnerabilities disclosed in Q1 2020 has decreased by 19.8% compared to Q1 2019, making this likely the only true dip observed within the last 10 years, Risk Based Security reveals. Vulnerabilities of interest disclosed in Q1 2020 Vulnerabilities disclosed in Q1 2020: What happened? Many factors have been identified as potential contributors to this decline, including the COVID-19 pandemic, though its precise impact may not be known for another year. “Although the … More →
Qualys researchers have found a way to exploit an previously known (and very old) vulnerability in Qmail, a secure mail transport agent, to achieve both remote code execution (RCE) and local code execution. The Qmail RCE flaw and other vulnerabilities In 2005, security researcher Georgi Guninski unearthed three vulnerabilities in Qmail, which – due to its simplicity, mutually untrusting modules and other specific development choices made by its creator Daniel J. Bernstein – is still … More →
