Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

synopsys

DIY Guide to Open Source Vulnerability Management

Oct 14, 2020 By Synopsys
You've realized you need to do a better job of tracking and managing your open source as well as the vulnerabilities and licenses associated with it. How hard can vulnerability management be? Do you really need special tools? After all, the license and vulnerability information is publicly available. Once you get a list of open source components and do some Google searching, you should be all set, right?
Get EBook
Featured Post
outpost 24

Container Inspection: Walking The Security Tightrope For Cloud DevOps

Oct 9, 2020 By Sergio Loureiro In Outpost 24
Containers are at the forefront of software development creating a revolution in cloud computing. Developers are opting for containerization at an impressive rate due to its efficiency, flexibility and portability. However, as the usage of containers increases, so should the security surrounding it. With containers comprising of many valuable components it is of the utmost importance that there are no vulnerabilities exposed when developing applications, and risks are mitigated before containers, and their contents, reach the end-user.
Read Post

Security misconfiguration prevention | ManageEngine Vulnerability Manager Plus

Oct 9, 2020 By ManageEngine In ManageEngine
ManageEngine Vulnerability Manager Plus is a prioritization driven threat and vulnerability management solution for enterprises with built-in remediation. This video covers how you can utilize Vulnerability Manager Plus' security configuration management feature to continually detect security misconfigurations in your endpoints using a pre-defined set of baselines, and bring them back to compliance.
View Video
graylog

Detecting Security Vulnerabilities with Alerts

Oct 8, 2020 By Nick Carstensen In Graylog

Every day we discover new vulnerabilities in our systems, cracks in the fence the adversaries take advantage of to get into your organization and wreak havoc. Understanding what you have in your environment (e.g., types of devices, systems equipment, etc.) is very important in order to make sure the controls in place are working and more importantly, keeping up with the threat landscape.

Read Post
tripwire

Zerologon: Tripwire Industrial Visibility Threat Definition Update Released

Oct 5, 2020 By Robert Landavazo In Tripwire

Today, we released a Threat Definition Update bundle for our Tripwire Industrial Visibility solution to aid in the detection of Zerologon. Otherwise known as CVE-2020-1472, Zerologon made news in the summer of 2020 when it received a CVSSv3 score of 10—the most critical rating of severity. Zerologon is a vulnerability that affects the cryptographic authentication mechanism used by the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory.

Read Post
outpost 24

Fix now: High risk vulnerabilities at large, September 29th

Sep 30, 2020 By Simon Roe In Outpost 24

Since the global pandemic we’ve been writing about the latest CVEs to look out for in our risk based vulnerability management blog. As we head into the Autumn and the nights begin to draw in, threat actors continue to exploit vulnerabilities and cause disruption. Let’s take a look at some that have raised their profile in the last couple of weeks

Read Post
armo

What makes ARMO customers immune - by design - against vulnerabilities like the recently discovered CVE-2020-14386?

Sep 30, 2020 By Leonid Sandler In ARMO

CVE-2020-14386 is yet another severe vulnerability that was recently discovered in the Linux kernel. It reminds us that the fight against vulnerabilities is not over. This particular one allows a regular application to escalate its privileges and gain root access to the machine. Indeed, it sounds scary.

Read Post
redscan

Redscan Labs releases Zerologon detection tool

Sep 30, 2020 By The Redscan Team In Redscan

Zerologon (CVE-2020-1472) is a critical vulnerability in the Windows Server Netlogon process authentication process. Following our recent Security Advisory, immediate patching of the vulnerability is strongly advised. To help determine whether your organisation has been compromised as a result of an attacker exploiting the vulnerability (even prior to a patch being installed), Redscan Labs has developed a Zerologon detection tool.

Read Post
synopsys

CyRC Vulnerability Advisory: Authentication bypass vulnerabilities in multiple wireless router chipsets (CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991)

Sep 28, 2020 By Synopsys Cybersecurity Research Center In Synopsys

Read the Synopsys Cybersecurity Research Center’s (CyRC) analysis of CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991.

Read Post
tripwire

Instagram photo flaw could have helped malicious hackers spy via users' cameras and microphones

Sep 24, 2020 By Graham Cluley In Tripwire

A critical vulnerability in Instagram’s Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. The security hole, which has been patched by Instagram owner Facebook, could be exploited by a malicious hacker simply sending their intended victim a boobytrapped malicious image file via SMS, WhatsApp, email or any other messaging service.

Read Post
Subscribe to Vulnerability

Copyright © 2024 OpsMatters™. All rights reserved.