Vulnerability

Redscan analysis of NIST NVD reveals record number of vulnerabilities in 2021

Dec 8, 2021 By The Redscan Team In Redscan

Our latest analysis of the National Vulnerability Database (NVD) has revealed that 2021 has now officially broken the record for common vulnerabilities and exposures (CVEs) logged by researchers. NIST is the US National Institute of Standards and Technology, and its National Vulnerability Database (NVD) is a repository of Common Vulnerabilities and Exposures (CVEs).

Read Post

Redscan

Read more about Redscan analysis of NIST NVD reveals record number of vulnerabilities in 2021

Malicious npm Packages Are After Your Discord Tokens - 17 New Packages Disclosed

Dec 8, 2021 By Andrey Polkovnychenko and Shachar Menashe In JFrog

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 11 malicious packages in the PyPI repository, a discovery that shows attacks are getting more sophisticated in their approach.

Read Post

JFrog

Read more about Malicious npm Packages Are After Your Discord Tokens - 17 New Packages Disclosed

Cybersecurity in 2022, Predictions for digital ecosystem facing more challenges and sophisticated threats

Dec 7, 2021 By Chuck Brooks In AT&T Cybersecurity

In 2020, I published an AT&T blog called “Top Cybersecurity Trends & Predictions for 2020’”. In the article I had forecasted that cybersecurity would become even more of a strategic priority for companies as the cost, sophistication, and lethality of breaches would continue to rise.

Read Post

AT&T Cybersecurity

Read more about Cybersecurity in 2022, Predictions for digital ecosystem facing more challenges and sophisticated threats

2022 Cybersecurity Predictions - From Ransomware and Supply Chain Risks to Operational Technology and IoT

Dec 7, 2021 By Forescout Research Labs In Forescout

As we look ahead to 2022, we should pause to reflect on the trends of the past year. Ransomware and supply chain attacks have become two of the top concerns for organizations following a series of high-profile attacks, such as those conducted against Colonial Pipeline, SolarWinds and Kaseya. In 2021, our Project Memoria revealed close to 100 different vulnerabilities in common TCP/IP stacks, affecting hundreds of operational technology (OT) vendors.

Read Post

Forescout

Read more about 2022 Cybersecurity Predictions - From Ransomware and Supply Chain Risks to Operational Technology and IoT

Losing Control of Your Front Door

Dec 7, 2021 By Koren Molcho In Forescout

On November 10, 2021, Palo Alto Networks released advisories for eight different vulnerabilities affecting the company’s VPN firewall products. The vulnerabilities’ criticality ranges from ‘medium’ to ‘critical,’ with the most severe vulnerability, CVE-2021-3064 (CVSSv3.1 of 9.8), allowing for unauthenticated remote code execution, or RCE.

Read Post

Forescout

Read more about Losing Control of Your Front Door

Trustwave Gains CREST Vulnerability Assessment Accreditation

Dec 7, 2021 By Trustwave In Trustwave

Trustwave has been accredited by the internationally-recognized professional certification board CREST for its world-class vulnerability assessment services. Trustwave is now uniquely accredited with multiple CREST accreditations across Vulnerability Assessment (VA), Intelligence-Led Penetration Testing (STAR), Penetration Testing (PEN TEST) and STAR-FS Intelligence-Led Penetration Testing.

Read Post

Trustwave

Read more about Trustwave Gains CREST Vulnerability Assessment Accreditation

CyRC Vulnerability Advisory: Multiple vulnerabilities discovered in GOautodial

Dec 7, 2021 By Scott Tolley In Synopsys

Broken authentication and local file inclusion leads to information disclosure and remote code execution in the GOautodial API.

Read Post

Synopsys

Read more about CyRC Vulnerability Advisory: Multiple vulnerabilities discovered in GOautodial

Unified Agent - Local Scanning

Dec 4, 2021 By Mend In Mend

This is the first video in a series describing how the WhiteSource Unified agent can be used to detect open source artifacts and their known vulnerabilities and licensing risks. This video will focus on performing a scan on a user's local desktop.

View Video

Mend

Read more about Unified Agent - Local Scanning

Unified Agent - CI-CD Scanning | Azure DevOps

Dec 4, 2021 By Mend In Mend

This is the second video in a series describing how the WhiteSource Unified agent can be used to detect open source artifacts and their known vulnerabilities and licensing risks. This video will focus on performing a scan within a CI-CD pipeline such as Azure DevOps.

View Video

Mend

Read more about Unified Agent - CI-CD Scanning | Azure DevOps

Unified Agent - PreBuilt Docker Image

Dec 4, 2021 By Mend In Mend

This is the third video in a series describing how the WhiteSource Unified agent can be used to detect open source artifacts and their known vulnerabilities and licensing risks. This video will focus on performing a scan with a prebuilt docker image that contains the unified agent and specific versions of each package manager.

View Video