Vulnerabilities Archives - Security Boulevard

CCleaner Supply Chain Attack Targeted Technology Companies

by Lucian Constantin on September 21, 2017

New evidence shows the hackers who infected the installers for the popular CCleaner system optimization tool were primarily targeting the program’s business users. There are also links between the malware code and a well-known Chinese cyber-espionage group. The malware-infected installers for 32-bit versions of CCleaner and CCleaner Cloud released in August were installed on more
Read more

Endpoint SBN Vulnerabilities

On Bug Bounty Programs: An Interview with HackerOne’s CEO

by David Bisson on September 20, 2017

In September 2017, I created a list of 10 essential bug bounty programs for 2017. Readers with a keen eye to detail might have noticed that nearly half of the companies included in that catalog host their vulnerability research programs, otherwise known as vulnerability disclosure programs and responsible disclosure programs, through HackerOne. A popular bug … Read More The post On Bug Bounty Programs: An Interview with HackerOne’s CEO appeared first on The State of Security.
Read more

Cloud Security Data Security Malware News SB Spotlight Vulnerabilities

Like Equifax, Thousands of Companies Use Vulnerable Apache Struts Versions

by Lucian Constantin on September 20, 2017

U.S. credit monitoring bureau Equifax has been heavily criticized for its failure to patch a known critical vulnerability in the Apache Struts web development framework, an oversight that led to a massive data breach affecting 143 million people. A new report shows that poor patch management practices are common in enterprise environments and that Equifax
Read more

SBN Vulnerabilities

The Myth of “False Positives” in Vulnerability Assessments

by Zeeshan Bilal on September 19, 2017

While false detections should be eliminated as much as possible, these are an inherent part of any vulnerability assessment tool. Possible reasons for false detections include rapid changes in vendor-specific patches/updates, zero-day vulnerabilities, access restrictions, and network glitches. The goal is to have the fewest vulnerabilities detected in an enterprise network, preferably with low scores/criticality … Read More The post The Myth of “False Positives” in Vulnerability Assessments appeared first on The State of Security.
Read more

Malware SBN Vulnerabilities

Bluetooth Vulnerabilities

by Bruce Schneier on September 18, 2017

A bunch of Bluetooth vulnerabilities are being reported, some pretty nasty. BlueBorne concerns us because of the medium by which it operates. Unlike the majority of attacks today, which rely on the internet, a BlueBorne attack spreads through the air. This works similarly to the two less extensive vulnerabilities discovered recently in a Broadcom Wi-Fi chip by Project Zero and...
Read more

Data Security Malware Mobile Security News SB Spotlight Threats & Breaches Vulnerabilities

Equifax Confirms Hackers Broke In Through Apache Struts Flaw

by Lucian Constantin on September 14, 2017

U.S. credit reporting bureau Equifax confirmed Wednesday that the theft of personal information of more than 143 million consumers from its systems in May was the result of a vulnerability in the Apache Struts framework. The culprit was not the critical Struts REST plugin vulnerability patched recently, as some unsubstantiated reports suggested over the past
Read more

Malware SBN Threats & Breaches Vulnerabilities

Remediation vs. prevention: How to place your bets

by Sarah Enderby on September 13, 2017

Building a security environment for businesses is a gamble these days. It's remediation vs. prevention. Which should you bet on? Categories: 101 Business Tags: breachcyberattackcybersecurity policyIT adminsmalwarepreventionransomwareremediation (Read more...) The post Remediation vs. prevention: How to place your bets appeared first on Malwarebytes Labs.
Read more

SBN SBN News Vulnerabilities

September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches

by Jimmy Graham on September 12, 2017

Today Microsoft released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering 27 of these vulnerabilities are labeled as Critical, and 39 can result in Remote Code Execution (RCE). According to Microsoft, one vulnerability impacting HoloLens has a public exploit.
Read more

Blogs Chats DevOps SB Vulnerabilities

Security Boulevard Chats: DevSecOps, it’s a thing w/ Mike Kail, Cybric

by Alan Shimel on September 5, 2017

This episode of Security Boulevard Chats is with Cybric, CTO and co-founder, Mike Kail. Mike is no stranger to the security and DevSecOps community. Before Cybric, Mike had exec positions with Netflix and Yahoo, among others. Mike and I had a good conversation about “is DevSecOps a real thing?” What and who is holding back
Read more

SBN Vulnerabilities

August Patch Tuesday: 25 critical Microsoft vulnerabilities, 43 for Adobe

by Jimmy Graham on August 8, 2017

Today Microsoft released patches covering 48 vulnerabilities as part of August’s Patch Tuesday update, with 15 of them affecting Windows. Patches covering 25 of these vulnerabilities are labeled as Critical, and 27 can result in Remote Code Execution. According to Microsoft, none of these vulnerabilities are currently being exploited in the wild. Top priority for
Read more

Page 1 of 612 3 4 5...»Last »