Search results for: vulnerability

snake

Despite lower number of vulnerability disclosures, security teams have their work cut out for them

The number of vulnerabilities disclosed in Q1 2020 has decreased by 19.8% compared to Q1 2019, making this likely the only true dip observed within the last 10 years, Risk Based Security reveals. Vulnerabilities of interest disclosed in Q1 2020 Vulnerabilities disclosed in Q1 2020: What happened? Many factors have been identified as potential contributors to this decline, including the COVID-19 pandemic, though its precise impact may not be known for another year. “Although the … More

email

Vulnerability in Qmail mail transport agent allows RCE

Qualys researchers have found a way to exploit an previously known (and very old) vulnerability in Qmail, a secure mail transport agent, to achieve both remote code execution (RCE) and local code execution. The Qmail RCE flaw and other vulnerabilities In 2005, security researcher Georgi Guninski unearthed three vulnerabilities in Qmail, which – due to its simplicity, mutually untrusting modules and other specific development choices made by its creator Daniel J. Bernstein – is still … More

vBulletin

vBulletin fixes critical vulnerability, patch immediately!

If you’re using vBulletin to power your online forum(s), you should implement the newest security patches offered by the developers as soon as possible. The patches fix CVE-2020-12720, a vulnerability affecting versions 5.5.6, 5.6.0 and 5.6.1 with could be exploited without previous authentication. About CVE-2020-12720 CVE-2020-12720 has been defined as an incorrect access control issue, but no additional information has been shared. Charles Fol, a security engineer at Ambionics Security, discovered and reported the “critical” … More

measure

FIRST releases updated coordination principles for Multi-Party Vulnerability Coordination and Disclosure

The Forum of Incident Response and Security Teams (FIRST) has released an updated set of coordination principles – Guidelines for Multi-Party Vulnerability Coordination and Disclosure version 1.1. Stakeholder roles and communication paths The purpose The purpose of the Guidelines is to improve coordination and communication across different stakeholders during a vulnerability disclosure and provide best practices, policy and processes for reporting any issues across multiple vendors. It is targeted at vulnerabilities that have the potential … More

Qualys

Qualys provides vulnerability management for customers of Azure Security Center

Qualys, a pioneer and leading provider of cloud-based security and compliance solutions, announced that Qualys Container Security is immediately available and Qualys Vulnerability Management will be available within a month in Microsoft Azure Security Center. This solution leverages the embedded Qualys Cloud Agent and Qualys Container Sensors to build Vulnerability Management automation into the CI/CD pipeline as well as real-time visibility into running virtual instances. The solution automatically analyzes virtual machines and container images in … More

chip

Starbleed vulnerability: Attackers can gain control over FPGAs

Field Programmable Gate Arrays, FPGAs for short, are flexibly programmable computer chips that are considered very secure components in many applications. Starbleed vulnerability In a joint research project, scientists have now discovered that a critical vulnerability is hidden in these chips. They called the security bug Starbleed. Attackers can gain complete control over the chips and their functionalities via the vulnerability. Since the bug is integrated into the hardware, the security risk can only be … More

NeuVector dashboard

NeuVector adds to container security platform, automates end-to-end vulnerability management

NeuVector, the leader in Full Lifecyle Container Security, announced the NeuVector platform includes new features – purpose-built for enterprise DevOps and security teams – focused on automated end-to-end vulnerability management and protection, expanded registry scanning, and host protection in production environments. The platform additions include the new Vulnerability and Compliance Explorer for quickly investigating, prioritizing, reporting, and mitigating potentially damaging vulnerability and compliance issues. High performance large-registry scanning and enhanced host (node) security processes have … More

Click Armor launches gamified assessment that tests business phishing vulnerability

Corporations and public sector organizations can now assess their workforce’s exposure to dangerous phishing attacks, which are escalating as social distancing requires most employees to work from home. Managers can now characterize the weaknesses in their staff’s ability to defend against phishing and online social engineering scams, thanks to “Can We Be Phished?”, a new, freely available online assessment from Click Armor, the Continuous Cybersecurity Awareness Platform. Phishing is the practice of sending malicious emails, … More

vFeed

vFeed: Leveraging actionable vulnerability intelligence as a service indicators

vFeed is a truly exciting company and we had to include them in our list of the 10 hot industry newcomers to watch at RSA Conference 2020. In this podcast, Rachid Harrando, Advisory Board Member at vFeed, talks about how their correlation algorithm analyzes a large plethora of scattered advisories and third-party sources, and then standardizes the content with respect to security industry open standards. Here’s a transcript of the podcast for your convenience. Hello, … More

Hand

Debunking vulnerability management myths for a safer enterprise

Cybersecurity is one of the most daunting challenges enterprises will face in 2020. According to IBM’s 2019 Cost of a Data Breach report, the average cost of a data breach in the U.S. is $8.19 million, with companies averaging 206 days to identify breaches before even attempting to address them (a task that averages another 38 days). These stats and hundreds of others on cybercrime are quite sobering. Cyberattacks are beginning to seem like an … More

SpyCloud

Password vulnerability at Fortune 1000 companies

Despite often repeated advice of using unique passwords for online accounts – or at least the most critical ones – password reuse continues to be rampant. And, according to breach discovery firm SpyCloud, employees of the Fortune 1000 are just as bad about reusing passwords as the rest of us. Compromised credentials The company has combed through their database of breach data for data tied to Fortune 1000 companies, analyzed it and found that employees … More

Guard Dog Solutions’ AI-driven solution manages Wi-Fi vulnerability with real-time elimination of threats

Guard Dog Solutions, of Salt Lake City, has formally launched the world’s first AI-driven solution to preemptively and proactively combat and eliminate public and private Wi-Fi cyber security threats. Guard Dog Solutions’ technology is especially important as businesses move more work to homes and remote locations in Social Distancing measures to prevent exposure to the COVID-19. This effort is producing massive levels of additional work through VPN connections or Wi-Fi that is vastly insufficient and … More