U.S. Government Lists CVEs Most Exploited by Foreign Cyber Adversaries

A joint report from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the broader U.S. government offers information about the commonly known vulnerabilities exploited by sophisticated ...

NVIDIA Fixes High-Severity Vulnerability in Drivers

NVIDIA released a security update for its drivers, fixing several issues that could lead to denial of service, escalation of privileges, or information disclosure. The update covers multiple vulnerabilities affecting both the ...

Emotet attacks— a spike to start the year…

The Emotet malware is a very destructive banking Trojan that was first identified in 2014. Over the years it has evolved with new capabilities and functionalities, prompting cybersecurity agencies like the Australian ...

IE and FIREFOX-Patching nightmare begins in 2020…

Not all vulnerabilities are created equal. It’s true. In a perfect world, organizations should be able to patch every vulnerability on every client immediately. But we don’t live in a perfect world ...

25 Most Dangerous Software Errors List Shows SQL Injections Dropping in Frequency

The top 25 most dangerous errors found in the CVE repositories were just published, and they show some interesting and surprising trends over the past decade. The first place in the Top ...

Injection Vulnerabilities – 20 Years and Counting

Injection vulnerabilities are one of the oldest exploitable software defects, and unfortunately they are still prevalent today. A simple search on cve.mitre.org for the term injection returns over 10,852 injection-related ...

SQL Injection loses #1 spot as most dangerous attack technique

The Common Weakness Enumeration (CWE), a community-developed compilation of the most critical errors leading to vulnerabilities in software, has lowered SQL Injection from its #1 spot as the most dangerous attack technique ...

Combating the Continuous Development of Vulnerable Software

Most people in our industry know what the acronym CVE means. For those that may not, CVE stands for Common Vulnerabilities and Exposures. According to their website, CVE was launched in 1999 ...

Isolation protects you from threats that haven’t even been discovered

Another day, another validation that Internet isolation really is the best cybersecurity protection out there. Last week, Google released an urgent Chrome update to patch an actively exploited zero-day known as CVE-2019-13720, a ...

Why ANY Web Browser Is Still Not Safe…

Menlo Security customers are 100% protected against a recent zero-day exploit in Internet Explorer. The exploit CVE-2019-1367 and CVE-2019-1255 is being actively used in limited attacks ...