Researcher releases PoC code for critical Atlassian Crowd RCE flaw
A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution …
software
CVSS 3.1: Refined and updated for easier adoption by the security community
The Forum of Incident Response and Security Teams (FIRST) has published an update of its internationally recognized Common Vulnerability Scoring System (CVSS). CVSS is a …
Protect privacy and provide secure mobile access to corporate data
In this Help Net Security podcast, Mike Campin, VP of Engineering at Wandera, talks about how their solution solves a problem that every business is facing today, which is how …
Cisco plugs critical security holes in Data Center Network Manager
Cisco has plugged four security holes in its Data Center Network Manager, two of which critical (have a 9.8 CVSS score). About Cisco Data Center Network Manager Cisco Data …
1 in 10 open source components downloaded in 2018 had a known security vulnerability
This year’s Sonatype report reveals the best practices exhibited by exemplary open source software projects and commercial application development teams. As in years past, it …
OpenSSH adds protection against Spectre, Meltdown, RAMBleed
OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow …
Dell fixes high-risk vulnerability in pre-installed SupportAssist software
Dell pushed out fixes for a high-risk vulnerability in its pre-installed SupportAssist software and urges users who don’t have auto updating enabled to upgrade the …
Slack + Snapchat = AppSec? Breaking down the complexity of messaging apps
Recently messaging applications got hit hard with vulnerabilities, hacking attempt disclosures by nation-states and insider employee inappropriate behaviors. As organizations …
How to diminish the great threat of legacy apps
The Equifax breach underscored the risk posed by unpatched software applications. As a refresher, 146 million customer records were exposed after a known vulnerability in …
Over half of all reported vulnerabilities in Q1 2019 have a remote attack vector
There were 5,501 vulnerabilities aggregated by Risk Based Security’s VulnDB that were disclosed during the first three months of 2019. This represents a 1% increase over the …
