Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
The answer to the question “Why does software continue to have so many vulnerabilities?” is complex, because the software itself is so complex. There’ve been many articles written that cover the lack of tools to test for vulnerabilities, the security knowledge and experience of the developers themselves, the endless variations of interactions between operating systems […]
Continue ReadingAlthough KEV catalog vulnerabilities are frequent targets of APT Groups, a large and exploitable attack surface remains due to software vendors’ lack of awareness and action, according to Rezilion. The Known Exploited Vulnerabilities (KEV) catalog, maintained by the Cybersecurity and Infrastructure Security Agency (CISA), provides an authoritative source of information on vulnerabilities that have been […]
Continue ReadingUnpatched vulnerabilities are responsible for 60% of all data breaches. The Department of Homeland Security has estimated that the proportion of breaches stemming from unpatched flaws may be as high as 85%. Timely patching is an important aspect of managing vulnerabilities but is not always achievable in every circumstance. Indusface’s State of Application Security 2022 […]
Continue ReadingTo borrow from HHGttG, please DON’T PANIC. But if you are two years out of date with patches, please do ACT NOW!
Continue ReadingIT departments continue to face immense pressure to get vulnerability and patch management right as threat actors use new and old methods to exploit network endpoints. But are we ready for what’s next? As vulnerabilities continue to increase, what strategies should security professionals use to gain visibility into these threats, prioritize them, and manage the […]
Continue ReadingExposed version control repositories, leaked secrets in public code repositories, a subdomain vulnerable to takover, exposed Amazon S3 buckets, and Microsoft Exchange Server servers vulnerable to CVE-2021-42321 exploitation are the most common exploit paths medium to large enterprises left open for attackers in Q1 2022, according to Mandiant. Opening doors for attackers The firm has […]
Continue ReadingLatest episode – listen now!
Continue ReadingAll of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 18, 2022. I’ve also included some comments on these stories. CISA Alert on ICS, SCADA Devices Highlights Growing […]
Continue ReadingThere’s a saying in the cybersecurity community which states that just because you are compliant doesn’t mean that you are secure. Over the years, many images have been used to illustrate the point. One memorable image is that of a nude bicyclist wearing a helmet. By all standards, that is the epitome of “compliant, but not secure”. Many […]
Continue ReadingOn this April 2022 Patch Tuesday, Microsoft has released patches for 128 CVE-numbered vulnerabilities, including one zero-day exploited in the wild (CVE-2022-24521) and another (CVE-2022-26904) for which there’s already a PoC and a Metasploit module. Vulnerabilities of note CVE-2022-24521 is a vulnerability in the Windows Common Log File System Driver that was reported to Microsoft […]
Continue Reading