Search results for: vulnerability

Healthcare IoT

The challenges of cyber research and vulnerability disclosure for connected healthcare devices

As Head of Research at CyberMDX, Elad Luz gathers and analyzes information on a variety of connected healthcare devices in order to improve the techniques used to protect them and/or report about their security issues to vendors. The research includes analyzing protocols, reverse engineering software, and conducting vulnerability tests. Healthcare organizations are increasingly experiencing IoT-focused cyberattacks. What is the realistic worst-case scenario when it comes to such attacks? The first and most important risk to … More

United Nations

UN hacked: Attackers got in via SharePoint vulnerability

In summer 2019, hackers broke into over 40 (and possibly more) UN servers in offices in Geneva and Vienna and downloaded “sensitive data that could have far-reaching repercussions for staff, individuals, and organizations communicating with and doing business with the UN,” The New Humanitarian reported on Wednesday. The UN, unfortunately, did not share that discovery with the authorities, the public, or even the potentially affected staff, and we now know about it only because TNH … More

Greenbone unveils new vulnerability management service platform for SMEs

Greenbone Networks, a leading provider of vulnerability management solutions, announced it is launching a new service platform that will enable its UK channel partners to offer customers vulnerability management (VM) as a fully managed service. Ideal for micro-businesses and small and medium enterprises (SMEs), the new Greenbone Managed Service (GMS) platform will offer enterprise-grade protection without the need to purchase hardware or software, or for any specialist cybersecurity expertise. The new platform will be available … More


Cisco fixes small business routers, kills eavesdropping vulnerability in conferencing devices

Cisco has released security updates for a variety of its products – owners of Small Business RV Series Routers, Web Security Appliances and TelePresence devices should pay extra attention. Small Business Routers Several series of Cisco Small Business RV Series Routers are vulnerable to remote code execution (via malicious HTTP request) and command injection (through malicious input in the web-based management interface). Both flaws can only be exploited by an authenticated attacker and none of … More

Adaptiva Evolve VM

Adaptiva launches Evolve VM, a life cycle vulnerability management product

Adaptiva, a leading, global provider of endpoint management and security solutions for enterprise customers, announced the release of Evolve VM. This vulnerability life cycle product automatically assesses endpoints for thousands of vulnerability, compliance, and health issues and remediates them as soon as they are detected. Utilizing NIST’s National Vulnerability Database and National Checklist Program Repository as well as hundreds of built-in custom client health checks, Evolve VM leverages Adaptiva’s peer-to-peer technology to address problems with … More

Trend Micro announces Pwn2Own Miami, a new vulnerability research competition

Trend Micro, a global leader in cybersecurity solutions, announced a new vulnerability research competition, Pwn2Own Miami, run by Trend Micro’s Zero Day Initiative (ZDI). The first of its kind contest will challenge participants to find vulnerabilities in a range of popular industrial control system (ICS) software and protocols. Over the past 12 years, Pwn2Own has encouraged vulnerability research in the most critical platforms for enterprises globally. In 2018, the ZDI purchased 224% more zero-day vulnerabilities … More

Trend Micro and Snyk provide open source vulnerability intelligence for DevOps

Trend Micro, the global leader in cloud security, announced a strategic partnership with Snyk, the leader in developer-first open source security. The partnership will focus on solving the unrelenting challenge that open source vulnerabilities create for developers, stemming from code-reuse, public repositories and open source. Together, Trend Micro and Snyk will help businesses manage the risk of vulnerabilities without interrupting the software delivery process. The combination of open source vulnerability intelligence from Snyk and Trend … More

Critical command execution vulnerability in iTerm2 patched, upgrade ASAP!

A critical vulnerability (CVE-2019-9535) in iTerm2, a macOS terminal emulator frequently used by developers and system administrators, could allow attackers to take control of a target system. “An attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer,” Mozilla explained. “Example attack vectors for this would be connecting to an attacker-controlled SSH server or commands like curl and tail -f /var/log/apache2/referer_log. We expect the community will … More

Cisco WebEx

Vulnerability in Cisco Webex and Zoom may expose online meetings to snooping

Cequence Security’s CQ Prime Threat Research Team discovered of a vulnerability in Cisco Webex and Zoom video conferencing platforms that potentially allows an attacker to enumerate or list and view active meetings that are not protected. The web conferencing market includes nearly three dozen vendors, some of whom may use similar meeting identification techniques. Although the CQ Prime team did not test each of these products, it is possible they could be susceptible as well. … More


Simjacker vulnerability actively exploited to track, spy on mobile phone owners

Following extensive research, AdaptiveMobile Security has uncovered a new and previously undetected vulnerability. This vulnerability is currently being exploited and is being used for targeted surveillance of mobile phone users. The vulnerability and its associated attacks have been named Simjacker as it involves the hijacking of SIM cards and threatens mobile phone users across the globe. What does Simjacker do? Simjacker extracts the location information of mobile phone users from vulnerable operators, retrieved using malicious … More

AlertEnterprise’s Airport Guardian integration helps airports reduce vulnerability and risk

AlertEnterprise, the leading physical-logical security convergence software company, has successfully integrated its Airport Guardian software with the Federal Bureau of Investigation’s (FBI) Record of Arrest and Prosecution Background (Rap Back) service. By integrating the Rap Back service, Airport Guardian software is designed to help airports significantly reduce vulnerability and risk in vetting the security backgrounds of job applicants and employees. The integration delivers real-time and continuous criminal history record checks (CHRC) during personnel selection and … More


Securing the cloud: Visibility, compliance and vulnerability management

In this Help Net Security podcast recorded at Black Hat USA 2019, Hari Srinivasan, Director of Product Management for Qualys, talks about the basics of securing your cloud. Here’s a transcript of the podcast for your convenience. Hello and welcome to today’s podcast. A bunch of questions are being thrown again about cloud security. Is the cloud inherently secure? Isn’t it too chaotic and elastic that implementing a security strategy is really tough? My name … More