Vulnerability in WhatsApp and Telegram allowed complete account takeover

Check Point researchers today revealed a new vulnerability on WhatsApp and Telegram’s online platforms – WhatsApp Web & Telegram Web. By exploiting this vulnerability, attackers could completely take over user accounts, and access victims’ personal and group conversations, photos, videos and other shared files, contact lists, and more. Vulnerability impact The vulnerability allows an attacker to send the victim malicious code, hidden within an innocent looking image. As soon as the user clicks on the … More

Qualys app for IBM QRadar offers critical insight into key vulnerability metrics

At RSA Conference 2017, Qualys launched a new Qualys App for the IBM QRadar Security Intelligence Platform, which allows customers to visualize their network IT assets and vulnerabilities in real-time, and helps teams produce continuous vulnerability and risk metrics from a data analytics perspective. The new application is freely available to the security community through the IBM Security App Exchange, a marketplace where developers across the industry can share applications based on IBM Security technologies. … More

The latest on the critical RCE Cisco WebEx extension vulnerability

Since Google bug hunter Tavis Ormandy revealed the existence of a remotely exploitable code execution flaw in the Cisco WebEx extension for Google Chrome last week, Cisco has pushed out several updates for it in quick succession. We’re now up to version 1.0.7 (the initial update to fix the flaw was 1.0.3), and ostensibly the vulnerability has now been fixed. The latest update of the security advisory detailing the issue says that the WebEx extensions … More

Addressing the challenges of vulnerability coordination

The FIRST Vulnerability Coordination Special Interest Group (SIG) made available for public comment through January 31, 2017 the draft Guidelines and Practices for Multi-party Vulnerability Coordination. Stakeholder roles and communication paths While ISO standards provide basic guidance on the handling of potential vulnerabilities in products, the guidelines document is geared to consider more complex and typical real-life scenarios. Case studies start with products in the design stage with no affected users and scale to vulnerability … More

Joomla vulnerability can be exploited to hijack sites, so patch now!

If you’re running a website on Joomla, you should update to the newly released 3.6.5 version as soon as possible – or risk your site being hijacked. The newest version of the popular CMS has been released on Tuesday (December 13), and it fixes three vulnerabilities, several bugs, and includes a number of new security hardening mechanisms. Among the fixed vulnerabilities is one (CVE-2016-9838) that is especially dangerous, as it could allow attackers to take … More

Components of an effective vulnerability management process

Vulnerabilities continue to grab headlines. Whether it is a zero-day that affects “tens of millions” servers around the globe or an old unpatched flaw that leads to a data compromise, we will keep reading about them. The modern security landscape demands a process to manage and keep on the top of the ever-evolving threats and vulnerabilities. This process is known as a vulnerability management program and it is designed to identify, classify and proactively prevent … More

Top trends in security testing and vulnerability management

Many businesses fail to conduct frequent security testing despite believing that it’s critically important to securing their systems and data. One in five of businesses surveyed admitted they don’t do any security testing, despite the fact that 95 percent of survey respondents reported encountering one of the dozen common security issues associated with security vulnerabilities. The findings are based on an Osterman Research survey of 126 security professionals who have knowledge about or responsibility for … More

Key elements for successfully prioritizing vulnerability remediation

New vulnerabilities are disclosed every day, amounting to thousands per year. Naturally, not all vulnerabilities are created equal. In this podcast recorded at Black Hat USA 2016, Tim White, Director of Product Management at Qualys, talks about Qualys ThreatPROTECT, a cloud-based solution that helps IT professionals automatically prioritize the vulnerabilities that pose the greatest risk to their organization. How? By correlating active threats against your vulnerabilities. Live Threat Intelligence Feed ThreatPROTECT also includes a Live … More

ThreadFix: Software vulnerability aggregation and management system

ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems. A view of the application portfolio Application security programs tend to involve a number of technologies and activities, and application security teams struggle managing these testing activities and all the data they are generating. “We built ThreadFix so that application security teams can create a consolidated view of their applications … More

Faraday: Collaborative pen test and vulnerability management platform

Faraday is an integrated multi-user penetration testing environment that maps and leverages all the knowledge you generate in real time. It gives CISOs a better overview of their team’s job, tools and results. You can run it on Windows, Linux and OS X. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multi-user way. Faraday supports more than 50 tools, including Burp Suite, … More