Vulnerability

Top 10 Open Source Vulnerabilities In 2020

Dec 17, 2020 By Patricia Johnson In Mend

If 2020 taught us anything, it’s to expect the unexpected. While there don’t seem to be enough words to cover the changes that we all did our best to adjust to, we are more than happy to give you our rundown of the top 10 open source vulnerabilities in 2020.

Read Post

Mend

Read more about Top 10 Open Source Vulnerabilities In 2020

CyRC analysis: Authentication bypass vulnerability in Bouncy Castle

Dec 17, 2020 By Synopsys Cybersecurity Research Center In Synopsys

CVE-2020-28052 is an authentication bypass vulnerability discovered in Bouncy Castle’s OpenBSDBcrypt class. It allows attackers to bypass password checks.

Read Post

Synopsys

Read more about CyRC analysis: Authentication bypass vulnerability in Bouncy Castle

Contact Form 7 (5.3.1 & below) Vulnerable To Unrestricted File Upload

Dec 17, 2020 By Astra In Astra

Before you start reading the description, please log in to your WordPress Admin panel & update all the plugins. Contact Form 7 version 5.3.1 and below were found to be vulnerable to unrestricted file upload vulnerability. This issue has been reported by security researchers at Astra Security. By exploiting this vulnerability, attackers could simply upload files of any type, bypassing all restrictions placed regarding the allowed uploadable file types on a website.

View Video

Astra

Read more about Contact Form 7 (5.3.1 & below) Vulnerable To Unrestricted File Upload

State of Software Security v11: The Most Common Security Flaws in Apps

Dec 15, 2020 By Hope Goslin In Veracode

For our annual State of Software Security report, we always look at the most common types of security flaws found in applications. It’s important to look at the various types of flaws present in applications so that application security (AppSec) teams can make decisions about how to address and fix flaws. For example, high-severity flaws, like those listed in OWASP Top 10 or SANS 25, or highly prevalent flaws can be detrimental to an application.

Read Post

Veracode

Read more about State of Software Security v11: The Most Common Security Flaws in Apps

Fix now: Vulnerabilities targeting the FireEye Breach

Dec 15, 2020 By Simon Roe In Outpost 24

On Tuesday 8th December in an unprecedented move leading cybersecurity provider FireEye admitted they had been breached and several of their red team tools and scripts had been stolen. In this blog we look at the list of vulnerabilities in these tools and how to protect your organization.

Read Post

Outpost 24

Read more about Fix now: Vulnerabilities targeting the FireEye Breach

Outpost24 Webinar: Mastering container security in modern day DevOps

Dec 10, 2020 By Outpost 24 In Outpost 24

Join our webinar as our cloud security expert examines the security challenges that come with container adoption and unpack the key steps required to integrate and automate container assessment into the DevOps cycle to help developers build and deploy cloud native apps at speed whilst keeping one eye on security.

View Video

Outpost 24

Read more about Outpost24 Webinar: Mastering container security in modern day DevOps

Outpost24 webinar - Protecting Cezanne HR's cloud web application with continuous assessment

Dec 10, 2020 By Outpost 24 In Outpost 24

Cyberattacks like payroll scams and recruitment fraud are finding their way into organizations via HR which makes protecting your employee data just as important as customer data. Find out how Cezanne HR secure their SaaS application with continuous assessment to help their customers protect employee data. The Cezanne HR SaaS application is used by over 650 organizations across the globe to simplify human resource management. But when it comes to sensitive employee data, customers demand proof of security and need to know that their data is in safe hands. In this webinar John Hixon, R&D Director at Cezanne HR, will share in-depth insights into how he leverages manual pen testing and dynamic application security testing throughout the Software Development Lifecycle (SDLC) to uncover hidden risks in the application and protect their customer data. Join our host Simon Roe, Application Security Product Manager, and John as they discuss the importance of data protection in HR, and how this hybrid continuous assessment approach has helped them secure their business critical apps and maintain ISO certification standards at scale.

View Video

Outpost 24

Read more about Outpost24 webinar - Protecting Cezanne HR's cloud web application with continuous assessment

Zerologon: the most underestimated vulnerability of 2020?

Dec 9, 2020 By The Redscan Team In Redscan

With a CVSS score of 10, Zerologon is a privilege escalation vulnerability that can be used to spoof domain controller accounts and hijack domains.

Read Post

Redscan

Read more about Zerologon: the most underestimated vulnerability of 2020?

Vulnerability Management with ManageEngine Vulnerability Manager Plus

Dec 8, 2020 By ManageEngine In ManageEngine

Vulnerability management is the cyclical process of identifying, evaluating, treating, and reporting on threats and vulnerabilities across your network endpoints. In this video, we take an in-depth look at the exhaustive threat and vulnerability management features of ManageEngine Vulnerability Manager Plus.

View Video

ManageEngine

Read more about Vulnerability Management with ManageEngine Vulnerability Manager Plus

What is AMNESIA:33?

Dec 8, 2020 By Forescout In Forescout

What is AMNESIA:33? Forescout Research Labs has discovered a set of thirty-three new memory-corrupting vulnerabilities, affecting millions of enterprise IoT, OT and IT devices. Lurking in four open-source TCP/IP stacks used by over 150 vendors, AMNESIA:33 can present an immediate risk to organizations worldwide. Four of the vulnerabilities are critical, with possible exploits including Remote Code Execution, Denial of Service, and Data Exfiltration.

View Video