NSA Offers Guidance on Mitigating Cloud Flaws

A new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources. The National Security Agency (NSA) today published a new document outlining common types of cloud vulnerabilities and offering different ways for companies to protect cloud environments. “Mitigating Cloud Vulnerabilities” addresses how cloud…


CISO Resigns From Pete Buttigieg Presidential Campaign

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2019-15625 (PUBLISHED: 2020-01-18): A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim’s memory processes to extract sensitive information.

CVE-2019-19696 (PUBLISHED: 2020-01-18): A RootCA vulnerability found in Trend Micro Password Manager for…


FBI Seizes Domain That Sold Info Stolen in Data …


Synopsys Buys Tinfoil

Tinfoil Security’s dynamic application and API security testing capabilities will be added to Synopsys Software Integrity Group. Software security testing firm Synopsys has acquired Tinfoil Security in a deal aimed at increasing its dynamic application security testing (DAST) capabilities, the company announced today. In addition to providing additional capabilities to test…


Cisco Drops a Dozen Vulnerability Patches

Among them are three for critical authentication bypass flaws. Cisco celebrated the new year by dropping patches for 12 vulnerabilities. The patches include fixes for three critical authentication bypass flaws, two command injection vulnerabilities, a pair of SQL injection vulnerabilities, three path traversal vulnerabilities, a vulnerability in the Data Center…


How SIM Swappers Can …

The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges’ and email providers’ variable implementation of 2FA. Recently, I shared with you how alarmingly simple it was to not only “hack” my own email account but then to use that compromised account to hack…
