Search results for: vulnerability

Greenbone introduces virtual appliances for vulnerability management

Greenbone, a leading provider of vulnerability analysis for IT networks, announced that its portfolio of vulnerability management (VM) products is now available via virtual appliances. Greenbone’s customers can now choose to deploy physical or virtual appliances, increasing flexibility and efficiency, while ensuring that data protection is always guaranteed. VM solutions identify and patch security-relevant vulnerabilities in IT systems, helping businesses reduce their exposure to risks and improving the overall resilience of their infrastructures. Greenbone’s entire … More

Denim Group integrates Jenkins Plugin with ThreadFix vulnerability management platform

Denim Group, the leading independent application security firm, announced the latest version of their Jenkins Plugin to integrate with their flagship vulnerability management product, ThreadFix. This plugin will allow development teams to incorporate application security testing into continuous integration and continuous delivery (CI/CD) pipelines, encouraging teams to address security concerns in a flexible manner. ThreadFix allows organizations to manage their application security programs and address risks to business operations that could be affected by vulnerabilities … More

Flexera unveils Vendor Patch Module for its Software Vulnerability Manager

Flexera, the software company that helps organizations realize technology’s power to accelerate their business, releases an add-on module for its popular Software Vulnerability Manager – Vendor Patch Module. The number of constant exploits, attacks and other software vulnerabilities has become unmanageable, and attempts to keep up can be overwhelming. Flexera Software Vulnerability Manager (SVM) was designed to identify these vulnerabilities and help prioritize remediation efforts. With the new Vendor Patch Module, organizations are able to … More

open source

1 in 10 open source components downloaded in 2018 had a known security vulnerability

This year’s Sonatype report reveals the best practices exhibited by exemplary open source software projects and commercial application development teams. As in years past, it also examines the rapidly expanding supply and continued exponential growth in consumption of open source components. For the fifth anniversary report, Sonatype collaborated with Gene Kim from IT Revolution, and Dr. Stephen Magill from Galois and MuseDev. Together with Sonatype, the researchers objectively examined and empirically documented, release patterns and … More

Dell laptop

Dell fixes high-risk vulnerability in pre-installed SupportAssist software

Dell pushed out fixes for a high-risk vulnerability in its pre-installed SupportAssist software and urges users who don’t have auto updating enabled to upgrade the software manually. About the vulnerability (CVE-2019-12280) Dell SupportAssist software, which comes pre-installed on most Dell laptops and computers running Windows, has administrator-level access to the operating system (via a signed driver) because it must be able to identify issues, run diagnostics, driver-update scans, and install drivers. In May, researcher Bill … More

Arctic Wolf Managed Risk solution provides proactive vulnerability management services

Arctic Wolf Networks, a leading security operations center (SOC)-as-a-service company, announced the Arctic Wolf Managed Risk solution to provide proactive identification, analysis, and prevention of vulnerabilities. “Companies know that they need to reduce their attack surface, but they often don’t know where to begin. Arctic Wolf Managed Risk service helps companies make sense of their cyber risk profile, by continuously scanning internal/external networks and endpoints, and quantifying cyber risk-based vulnerabilities,” said Brian NeSmith, CEO and … More


How organizations are managing vulnerability risks

Tripwire evaluated how organizations are managing vulnerability risks and found that more than one in four (27 percent) globally have been breached as a result of unpatched vulnerabilities, with an even higher rate in Europe (34 percent). Vulnerability management starts with visibility of the attack surface, and Tripwire’s report found that 59 percent of global organizations are able to detect new hardware and software on their networks within minutes or hours. However, this is a … More

Field-programmable gate arrays

Scientists uncover vulnerability in FPGAs, affecting cloud services and IoT

Field-programmable gate arrays (FPGAs) are, so to say, a computer manufacturer’s “Lego bricks”: electronic components that can be employed in a more flexible way than other computer chips. Even large data centers that are dedicated to cloud services, such as those provided by some big technology companies, often resort to FPGAs. To date, the use of such services has been considered as relatively secure. Recently, however, scientists at Karlsruhe Institute of Technology (KIT) uncovered potential … More

Vulnerability management solution Tripwire IP360 released on AWS Marketplace

Tripwire has joined the global partner program for Amazon Web Services (AWS). As a new Advanced Technology Partner of the AWS Partner Network (APN), Tripwire has now made its vulnerability management solution, Tripwire IP360, available on the AWS Marketplace. As an Advanced Technology Partner in the APN, Tripwire leverages AWS to deliver cybersecurity solutions via scalable, flexible and cost-effective cloud-based infrastructure, starting with Tripwire IP360. APN is focused on helping its partners build and grow … More

Week in review: BlueKeep vulnerability, preventing Google account takeovers

Here’s an overview of some of last week’s most interesting news and articles: Data privacy: A hot-button issue for Americans one year after GDPR In recognition of GDPR’s first anniversary, nCipher Security conducted a survey to gauge American awareness of and sentiment about data privacy and security laws and issues. If you haven’t yet patched the BlueKeep RDP vulnerability, do so now If you’re wondering just how critical this vulnerability is, Microsoft’s reaction is a … More


How mainstream media coverage affects vulnerability management

For better or for worse, mainstream media is increasingly covering particularly dangerous, widespread or otherwise notable security vulnerabilities. The growing coverage has made more people aware of the risks and of the need to keep their various devices (software) up-to-date and, with the increased digitization of our everyday lives, I would say that’s a definitive plus. But among those people are also partners and regulators, and executives and boards of directors who may demand their … More


If you haven’t yet patched the BlueKeep RDP vulnerability, do so now

There is still no public, working exploit code for CVE-2019-0708, a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target running Remote Desktop Protocol (RDP). But, as many infosec experts have noted, we’re not far off from when one is created and leveraged by attackers in the wild. With the vulnerability being wormable, when it hits, the exploit could end up compromising millions of systems around the world, … More