software

Researcher releases PoC code for critical Atlassian Crowd RCE flaw
A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution …

CVSS 3.1: Refined and updated for easier adoption by the security community
The Forum of Incident Response and Security Teams (FIRST) has published an update of its internationally recognized Common Vulnerability Scoring System (CVSS). CVSS is a …

Protect privacy and provide secure mobile access to corporate data
In this Help Net Security podcast, Mike Campin, VP of Engineering at Wandera, talks about how their solution solves a problem that every business is facing today, which is how …

Cisco plugs critical security holes in Data Center Network Manager
Cisco has plugged four security holes in its Data Center Network Manager, two of which are critical (with a 9.8 CVSS score). About Cisco Data Center Network Manager Cisco Data …

1 in 10 open source components downloaded in 2018 had a known security vulnerability
This year’s Sonatype report reveals the best practices exhibited by exemplary open source software projects and commercial application development teams. As in years past, it …

OpenSSH adds protection against Spectre, Meltdown, RAMBleed
OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow …

Dell fixes high-risk vulnerability in pre-installed SupportAssist software
Dell pushed out fixes for a high-risk vulnerability in its pre-installed SupportAssist software and urges users who don’t have auto updating enabled to upgrade the …

Slack + Snapchat = AppSec? Breaking down the complexity of messaging apps
Recently, messaging applications got hit hard with vulnerabilities, disclosures of hacking attempts by nation-states, and inappropriate behavior by insider employees. As organizations …

How to diminish the great threat of legacy apps
The Equifax breach underscored the risk posed by unpatched software applications. As a refresher, 146 million customer records were exposed after a known vulnerability in …

Over half of all reported vulnerabilities in Q1 2019 have a remote attack vector
There were 5,501 vulnerabilities aggregated by Risk Based Security’s VulnDB that were disclosed during the first three months of 2019. This represents a 1% increase over the …

Memory analysis is the ground truth
In recent years, enterprises have adopted next-gen endpoint protection products that are doing an admirable job detecting anomalies. For example, searching for patterns such …

Apple May 2019 security updates fix numerous issues
Another month, another batch of Apple security updates that users of the firm’s computers, phones, tablets, streaming devices and smart watches will be prompted to …