Vulnerabilities
CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`
In addition to regular vulnerability data research, the Sonatype Security Research Team also contributes to the open-source community by going the extra mile when we discover flaws that were previously not reported ...
BootHole Shows Need for Greater Scrutiny
The recent BootHole and related vulnerabilities raise the question of whether software used for critical security functions should have special scrutiny. When a security operation fails the ramifications are considerable, especially when ...
Most Android Phones Can Be Pwned Just by Watching a Video
More than 400 bugs in Qualcomm Snapdragon chips mean the Android phone in your pocket could be tremendously vulnerable ...
Effective Threat Intelligence Through Vulnerability Analysis
Vulnerabilities are weaknesses leveraged by adversaries to compromise the confidentiality, availability or integrity of a resource. The vulnerability ecosystem has matured considerably in the last few years. A significant amount of effort ...
Cyberattacks on Applications Grow Exponentially, Pose Serious Risk
The need for digital engagement with customers, partners, and employees has never been greater than it is today. Most organizations were already in varying stages of digital adoption when the pandemic hit ...
Nexus Intelligence Insights:CVE-2020-13935 – Apache Tomcat Websocket – Denial of Service (DoS)
For July’s Nexus Intelligence Insight we take a deep dive into a Denial of Service (DoS) vulnerability impacting the popular Apache Tomcat Websocket component ...
Thousands of websites at risk from critical WordPress plugin vulnerability
A critical vulnerability in a third-party plugin installed on over 70,000 websites running WordPress could allow hackers to execute malicious code remotely. The vulnerability, discovered by security researchers at Wordfence, hides in ...
Making Infosec Jobs Easier: Keeping Systems Patched
This is post 3 in our ongoing blog series on making infosec jobs easier. The first post covered the job of improving overall security posture, the second talked about assessing and reporting ...
Why Pivoting in a Crisis May Actually Energize Secure DevOps
There’s Nothing New About the Pivot Digital transformation has been around for about as long as the internet has been a… The post Why Pivoting in a Crisis May Actually Energize Secure ...
Week Six Featuring Research From Forrester: Are These Industries Undermining Their Security Posture?
Everyone knows application weaknesses and software vulnerabilities continue to be the most common avenue for exploit.… The post Week Six Featuring Research From Forrester: Are These Industries Undermining Their Security Posture? appeared ...
