vulnerability
Amazon Sidewalk, Federal IoT Security Law, Facebook Messenger Bug
In episode 149 for November 30th 2020: Police begin to pilot a program to live-stream Amazon Ring cameras, new details about Amazon Sidewalk, Congress unanimously passes a federal Internet of Things security ...
Visualizing program structure characteristics for 12 million lines of code
Static code analyzers can detect security vulnerabilities. They also provide an unusual perspective on the structure of the code they analyze. This perspective offers a glimpse inside the internals of programs that ...
A WebLogic Vulnerability Highlights the Path-Based Authorization Dilemma
A WebLogic server vulnerability fixed by the October CPU has come under active exploitation after a Vietnamese language blog post detailed the steps needed to bypass authentication and achieve remote code execution ...
Beware of Zerologon Vulnerabilities in Windows Server
Researchers have discovered a new Common Vulnerability & Exposure (CVE) called Zerologon. According to Microsoft’s Security Update Aug. 11: “The elevation of privilege vulnerability for Zerologon, or CVE-2020-147, exists when an ...
Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered
Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability ...
CVE-2020-1938 Ghostcat – Apache Tomcat AJP File Read/Inclusion Vulnerability
Virsec Security Research Lab Vulnerability Report The Virsec Security Research Lab, helmed by Virsec CTO, Satya Gupta, provides timely, relevant analysis about prevalent security vulnerabilities. 1.1 Vulnerability Summary When using the Apache ...
Zoom Is Finally Testing Full End-to-End Encryption
Zoom finally announced that it’s starting to roll out end-to-end encryption (E2EE) for all users, marking a significant change in the security deployment of one of the most famous video-conferencing apps. The ...
CISA and FBI Observed APT Groups Targeting State Networks Related to US Election Systems
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued an advisory after spotting advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities combined with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows ...
Zerologon: Tripwire Industrial Visibility Threat Definition Update Released
Today, we released a Threat Definition Update bundle for our Tripwire Industrial Visibility solution to aid in the detection of Zerologon. Otherwise known as CVE-2020-1472, Zerologon made news in the summer of ...
Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web
Sonatype researchers discovered and confirmed the presence of two new vulnerable npm packages. Sonatype’s discovery was initially made by its malicious code detection bots. By applying machine learning and artificial intelligence to ...

