CVE-2022-1271 is a new vulnerability affecting gzip, a widely used open source component for archiving, compressing, and decompressing files. CVE-2022-1271, also tracked in the Black Duck KnowledgeBase™ as BDSA-2022-0958, is a bug in gzip, a file format and software application used for archiving, compressing, and decompressing files.

A few days ago it was reported that the new Go versions 1.18.1 and 1.17.9 contain fixes for a stack overflow vulnerability in the encoding/pem builtin package, in the Decode function. Given the high popularity of Go among our customers and in the industry at large, this update led us to investigate the vulnerability in previous versions.

Discover the best vulnerability mitigation strategies to help protect your business from potential threats with this guide from the team at Reciprocity. 2021 (and every year leading up to it) was the worst year on record for cybersecurity. Since the onset of the COVID-19 pandemic, cybercrime as a whole has increased by 600 percent.

As Synk announces its support of unmanaged dependencies (mostly C/C++ libraries), we thought it would be beneficial to introduce our non-C community to some common, high-risk dangers that lurk in the C world (get it?). Think of this as a “beginners guide” to C and C++ vulnerabilities, how they look, what problems they may cause, and how to fix them.

When I look at IT security I can clearly see how it has changed, being today much more mature now than it’s ever been. Governments are working on policies and legislation forcing companies to prioritize IT security. As a result, the entire bug bounty community has bloomed in a way that I could never imagine, security researchers are now working together with companies to identify and mitigate vulnerabilities in a way that we have never done before.

April Patch Tuesday brings 145 vulnerability fixes from Microsoft — the highest number in 19 months—including CVE-2022-26809, a critical remote code execution (RCE) vulnerability in Windows Remote Procedure Call (RPC) Runtime library that impacts all supported Windows products. Notably, Microsoft also released security updates for Windows 7, an end-of-life product since January 2020, which highlights the severity of CVE-2022-26809.

This is the second installment in Trustwave’s in-depth tour of our Security Colony platform. For a broad overview of what Security Colony offers please read 5 Ways CISOs Can Leverage the Power of Trustwave Security Colony. Self-evaluation in any area, much less cybersecurity, can be challenging. Is my performance at work strong and consistent? Am I being friendly to my neighbors?