vulnerability
Zerologon: Tripwire Industrial Visibility Threat Definition Update Released
Today, we released a Threat Definition Update bundle for our Tripwire Industrial Visibility solution to aid in the detection of Zerologon. Otherwise known as CVE-2020-1472, Zerologon made news in the summer of ...
Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web
Sonatype researchers discovered and confirmed the presence of two new vulnerable npm packages. Sonatype’s discovery was initially made by its malicious code detection bots. By applying machine learning and artificial intelligence to ...
Instagram photo flaw could have helped malicious hackers spy via users’ cameras and microphones
A critical vulnerability in Instagram’s Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. The security ...
Shopify Discloses Security Incident Involving Some Merchants’ Data
Canadian multinational e-commerce company Shopify disclosed a security incident that involved the information of some of its merchants. On September 22, Shopify published an incident update on its website. This bulletin explained ...
Detecting Zerologon (CVE-2020-1472) with Zeek
By Yacin Nadji, Corelight Security Researcher CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a ...
New feature — Ability to compare any two code analysis scans
New feature — Ability to compare results of any two code analysis scansShiftLeft Next Generation Static Code Analysis now allows you to compare any two versions of your code scans. By using the compare scans ...
Feds Propose ‘911’ Emergency Call for Reporting Security Flaws; Experts Warn It’s Easier Said Than Done
CISA drafts directive to create a vulnerability disclosure policy for government websites and apps Agency seeks to centralize the effort via a standard vulnerability disclosure platform service next spring Cybersecurity veteran Katie ...
Severe TeamViewer Vulnerability Let Attackers Steal System Password
A security researcher found a severe TeamViewer vulnerability affecting Windows versions of the application 8 through 15, allowing attackers to steal system credentials. TeamViewer is a powerful tool for remote administration, but ...
Phishers Send Out Fake cPanel Security Vulnerabilities Advisory
Fraudsters launched a new phishing attack in which they sent out a fake cPanel advisory warning recipients about fabricated security vulnerabilities. On August 5, cPanel and WebHost Manager (WHM) users began reporting ...
Hunting 0-days in Cisco DCNM with ShiftLeft Ocular
Hunting 0-days in Cisco Data Center Network Manager (DCNM) with ShiftLeft OcularSince the CVEs are now public, it’s time to show how ShiftLeft Ocular was used to discover three zero-day vulnerabilities in ...
