Search results for: vulnerability

20,000+ new vulnerability reports predicted for 2020, shattering previous records

Over 9,000 new vulnerabilities have been reported in the first six months of 2020, and we are on track to see more than 20,000 new vulnerability reports this year — a new record, Skybox Security reveals. Reshaping the way that people work. 50% increase in mobile vulnerabilities highlights dangers of blurring line between corporate and personal networks. Ransomware thrives during COVID-19 pandemic, with new samples increasing by 72%. Attacks on critical infrastructure, including healthcare companies … More

RiskSense platform now provides visibility across both infrastructure and application vulnerability risk

RiskSense announced a new version of the cloud-delivered RiskSense platform that harmonizes threat analysis, prioritization and risk scoring across network-based assets as well as applications. Unlike competitive approaches which provide separate views of infrastructure and application vulnerabilities, RiskSense automatically calculates risk across CVEs and CWEs for a full-spectrum view. “RiskSense helps organizations rapidly reduce risk and provides a new understanding of how applications and their vulnerabilities affect the entire attack surface,” said Dr. Srinivas Mukkamala, … More

Vulcan Cyber now offers customizable vulnerability prioritization for efficient vulnerability remediation

Vulcan Cyber, developers of the industry’s only end-to-end vulnerability remediation platform, announced customers can now add custom risk parameters to existing Vulcan Cyber vulnerability prioritization algorithms for efficient vulnerability remediation. With the addition of custom risk scripts, Vulcan Cyber is first to help security and IT operations teams run more-targeted, end-to-end vulnerability remediation campaigns contextualized to the risk appetite of their business. Traditional approaches to vulnerability risk prioritization focus on inputs such as CVSS severity … More

Semperis adds vulnerability assessment, security reporting, and auto-remediation to its DSP

Semperis announced new vulnerability assessment, security reporting, and auto-remediation capabilities in the latest release of Directory Services Protector (DSP), the industry’s most comprehensive Active Directory threat detection and response platform. Semperis DSP v3.0 is the first-of-its-kind to address the entire lifecycle of a directory cyberattack – from monitoring pre-attack indicators of exposure, to analyzing post-attack forensics, and everything in-between – all integrated into a single console. “Over twenty years later, Active Directory is still the … More

Guide: How to assess your email vulnerability for free in 20 minutes

Attacks delivered via email are extremely common and the fact is that many popular security solutions are just not handling these attacks well enough, missing 20-40% of the new attacks emerging every day. What makes this issue even more urgent is that attacks are constantly evolving and evading security solutions. It’s therefore critical to constantly assess your security posture. Assessing your email vulnerability is a critical step in evaluating your overall security posture. With the … More

Acunetix adds Business Logic Recorder to enable deeper vulnerability scanning of web apps

Acunetix has incorporated a brand new feature, the Business Logic Recorder (BLR), into the product. The Business Logic Recorder is a unique Acunetix feature that is designed to enable effective testing of particular scenarios, especially multi-step web forms, which would otherwise make it impossible for a scanner to reach all areas of a web application. Web applications process user input data in the background but an automated scanner cannot recognize the meaning of this data. … More

Running ConnectWise Automate on-prem? Fix this high-risk API vulnerability

ConnectWise has fixed a high-severity vulnerability affecting a ConnectWise Automate API and is urging users who run the solution on their premises to implement the provided hotfixes. About ConnectWise Automate and the vulnerability: ConnectWise is a provider of business automation solutions for managed services providers (MSPs) and IT solution providers. ConnectWise Automate is a software suite IT support technicians use to remotely monitor and manage customers’ assets (servers and workstations). “A remote authenticated user could … More

UPnP vulnerability lets attackers steal data, scan internal networks

A vulnerability (CVE-2020-12695) in Universal Plug and Play (UPnP), which is implemented in billions of networked and IoT devices – personal computers, printers, mobile devices, routers, gaming consoles, Wi-Fi access points, and so on – may allow unauthenticated, remote attackers to exfiltrate data, scan internal networks or make the devices participate in DDoS attacks.

The importance of effective vulnerability remediation prioritization

Too many organizations have yet to find a good formula for prioritizing which vulnerabilities should be remediated immediately and which can wait. According to the results of recent Tenable research aimed at discovering why some flaws go unpatched for months and years, vulnerabilities with exploits show roughly the same persistence as those with no available exploit. “Defenders are still operating as though all vulnerabilities have the same likelihood of exploitation,” says Lamine Aouad, Staff … More

VMware Cloud Director vulnerability enables a full cloud infrastructure takeover

A code injection vulnerability (CVE-2020-3956) affecting VMware vCloud Director could be exploited to take over the infrastructure of cloud services, Citadelo researchers have discovered. About VMware vCloud Director and CVE-2020-3956: VMware Cloud Director (formerly known as vCloud Director) is a cloud service delivery platform used by public and private cloud providers to operate and manage cloud infrastructure. CVE-2020-3956 was discovered by Citadelo penetration testers during a security audit of a customer’s VMware Cloud Director-based cloud … More

Despite lower number of vulnerability disclosures, security teams have their work cut out for them

The number of vulnerabilities disclosed in Q1 2020 has decreased by 19.8% compared to Q1 2019, making this likely the only true dip observed within the last 10 years, Risk Based Security reveals. Vulnerabilities of interest disclosed in Q1 2020. Vulnerabilities disclosed in Q1 2020: What happened? Many factors have been identified as potential contributors to this decline, including the COVID-19 pandemic, though its precise impact may not be known for another year. “Although the … More

Vulnerability in Qmail mail transport agent allows RCE

Qualys researchers have found a way to exploit a previously known (and very old) vulnerability in Qmail, a secure mail transport agent, to achieve both remote code execution (RCE) and local code execution. The Qmail RCE flaw and other vulnerabilities: In 2005, security researcher Georgi Guninski unearthed three vulnerabilities in Qmail, which – due to its simplicity, mutually untrusting modules and other specific development choices made by its creator Daniel J. Bernstein – is still … More