Lumu to Emerge from Stealth at RSAC

Enterprise Vulnerabilities, from DHS/US-CERT’s National Vulnerability Database. CVE-2014-9617 (published 2020-02-19): Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. CVE-2015-7747 (published 2020-02-19): Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile…


Stop Defending Everything

Instead, try prioritizing with the aid of a thorough asset inventory. What is your information security program defending? This is a deceivingly difficult question for most. When I ask this at typical organizations, the answer is often disheartening. The standard response is “everything.” The word everything causes my skepticism radar to…


Securing Containers with Zero Trust

A software identity-based approach should become a standard security measure for protecting workloads in all enterprise networks. Containers have many benefits: easy portability, fewer system requirements, and increased efficiency, just for starters. But these benefits come at a cost. To provide these benefits, containers rely on extremely complex networking, much…


Aftermath of a Major ICS Hacking Contest

Pwn2Own Miami could help spur more research on and attention to the security of industrial control system products, experts say. Down they dropped like frozen iguanas: SCADA gateways, control servers, human-machine interfaces (HMIs), an engineering workstation, and other industrial control system (ICS) software on stage in the first-ever ICS Pwn2Own…


NSA Offers Guidance on Mitigating Cloud Flaws

A new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources. The National Security Agency (NSA) today published a new document outlining common types of cloud vulnerabilities and offering different ways for companies to protect cloud environments. “Mitigating Cloud Vulnerabilities” addresses how cloud…


CISO Resigns From Pete Buttigieg Presidential Campaign

Enterprise Vulnerabilities, from DHS/US-CERT’s National Vulnerability Database. CVE-2019-15625 (published 2020-01-18): A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim’s memory processes to extract sensitive information. CVE-2019-19696 (published 2020-01-18): A RootCA vulnerability found in Trend Micro Password Manager for…


FBI Seizes Domain That Sold Info Stolen in Data …
