Vulnerability

Identifying the Most Dangerous Common Software and Hardware Weaknesses and Vulnerabilities - The CWE Top 25 (2020 Edition)

So far, there has not been a perfect solution to ridding the world of software and hardware weaknesses. Keeping up to date with which weaknesses are most common and impactful can be a daunting task. Thankfully, a list has been made to do just that: the Common Weakness Enumeration (CWE) Top 25.

Fix now: High risk vulnerabilities at large, September 2020

Since the start of the pandemic we’ve been writing about the latest CVEs to look out for in our risk-based vulnerability management blog. As we head into the autumn and the nights begin to draw in, threat actors continue to exploit vulnerabilities the world over. Let’s take a look at some that have raised their profile in the last couple of weeks.

Predictive Risk-Based Vulnerability Management

Are you struggling to triage through tons of findings to identify the greatest threats and patch more effectively? You are not alone! With speed being the biggest challenge to patching effectively, this whitepaper looks at how existing prioritization works with CVSS scoring and how a risk-based approach with machine learning can be applied to align corporate risk appetite and drive better decision making for optimal efficiency.

Build Security Into Your SDLC With Coverity

Are your developers getting discouraged by too many false positives from security tools that slow them down? You need a solution that boosts their productivity, finds real vulnerabilities, and provides expert remediation guidance. Coverity will help you achieve this and more. Learn how you can assess the ROI of implementing Coverity into your SDLC, quickly build secure applications, and accelerate your software velocity.

Vulnerability assessment | ManageEngine Vulnerability Manager Plus

ManageEngine Vulnerability Manager Plus is a prioritization-driven threat and vulnerability management solution for enterprises with built-in remediation. This video covers how you can utilize Vulnerability Manager Plus to discover vulnerabilities, put them in context to understand their impact and urgency, and swiftly remediate the imminent vulnerabilities with a built-in patching workflow.

Crowdsource Success Story: From an Out-of-Scope Open Redirect to CVE-2020-1323

Scope-creeping doesn’t always end up in a 0-day with a CVE assigned, and this was the fortune of Detectify Crowdsource hacker, Özgür Alp. He is an ethical hacker with 7+ years of experience, well certified within offensive security and also highly ranked on hacker leaderboards. Here is his success story on how he, with the help of the Detectify Crowdsource team, turned an open redirect into a publicly disclosed vulnerability known as CVE-2020-1323.

Cybercriminals Are Infiltrating Netgear Routers with Ancient Attack Methods

It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us. If you don’t believe me, just take a look at the news. Last month, Virginia-based cybersecurity firm GRIMM announced that they had found a vulnerability that affects many Netgear home WiFi routers. The cause? Outdated firmware that allows remote users to access the administrative systems in these routers.

Fix now: High risk vulnerabilities at large, August 2020

Since April 2020 we’ve been writing about the latest CVEs to look out for in our risk-based vulnerability management blog. Going into August we are highlighting a CVE affecting a popular password vault – KeePass, along with a few interesting ones. Read on for more information on how to prioritize these vulnerabilities for patching to mitigate risk.

Remote Code Execution in a Popular Chat App: Easy as Sending a File

Zalo is a chat application on the rise and exceedingly popular in South-East Asia with a user base of over 100 million. In a number of countries, including Vietnam and Myanmar, the application rivals WhatsApp and Facebook Messenger as the most popular chat application. Zalo’s functionality continues to expand with Zalo Pay and Zalo Shop emerging among many new features on the burgeoning super app.