Is disabling Remote Desktop Services sufficient to protect a Windows device from the BlueKeep vulnerability?

Microsoft (and the NSA) have been urging Windows users and administrators to install patches to protect systems from the BlueKeep (CVE-2019-0708) vulnerability.

Is disabling Remote Desktop Services sufficient to protect any …
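The question hinges on what "disabling Remote Desktop Services" actually changed on the host. The following PowerShell is an added example, not part of the original post: it reports the settings an administrator would want to verify before relying on that mitigation (the registry switch that refuses new sessions, the NLA requirement, the state of the TermService service, whether anything still listens on TCP 3389, and the Remote Desktop firewall rules). It assumes Windows 8 / Server 2012 or later for the Get-NetTCPConnection and Get-NetFirewallRule cmdlets; it does not check whether the update itself is installed, which is a separate Get-HotFix query.

```powershell
# Added example (not from the original post): report the Remote Desktop
# exposure of the local host so the "disable RDS" mitigation can be verified.
# Assumption: Windows 8 / Server 2012 or later (Get-NetTCPConnection,
# Get-NetFirewallRule). On older hosts use "netstat -ano | findstr :3389".

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$rdpKey\WinStations\RDP-Tcp"

# 1 = connections refused (the "Don't allow remote connections" radio button)
$denyConnections = (Get-ItemProperty -Path $rdpKey -Name fDenyTSConnections `
    -ErrorAction SilentlyContinue).fDenyTSConnections

# 1 = Network Level Authentication required before a session is created
$nla = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication `
    -ErrorAction SilentlyContinue).UserAuthentication

# The Remote Desktop Services service itself
$svc = Get-Service -Name TermService -ErrorAction SilentlyContinue

# Anything still bound to the default RDP port
$listener = Get-NetTCPConnection -LocalPort 3389 -State Listen `
    -ErrorAction SilentlyContinue

# Enabled inbound rules in the built-in "Remote Desktop" firewall group
$fwRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' `
    -ErrorAction SilentlyContinue | Where-Object { $_.Enabled -eq 'True' }

[pscustomobject]@{
    ComputerName            = $env:COMPUTERNAME
    RdpDisabledInRegistry   = ($denyConnections -eq 1)
    NlaRequired             = ($nla -eq 1)
    TermServiceStatus       = if ($svc) { $svc.Status.ToString() } else { 'not installed' }
    TermServiceStartType    = if ($svc) { $svc.StartType.ToString() } else { 'n/a' }
    ListeningOn3389         = [bool]$listener
    RdpFirewallRulesEnabled = @($fwRules).Count
} | Format-List
```

Reading the output: RdpDisabledInRegistry = True only refuses new sessions while the service keeps running; TermServiceStatus = Stopped together with StartType = Disabled removes the listener entirely; ListeningOn3389 = True means the RDP port is still reachable whatever the other settings say, so the mitigation has not taken effect on that host.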

What are some common AWS Lambda (specific) Security Pitfalls, Auditing Tools, and Methods of Mitigation?

I am writing a research paper detailing the security vulnerabilities of serverless AWS Lambda applications, and how to prevent them. I am also compiling a list of security auditing tools that are designed to target serverless…

Does upgrading the JVM version resolve security issues, even if I’m using an older language version?

Hypothetically, let’s presume Java version X (an old version) has a known security vulnerability. If I’ve been using this version of Java, and say hosting webservers with that version, it’s “unsafe”. (Right?)

One thing Java …

Dealing with OpenSSH CVE-2019-6109, CVE-2019-6110 & CVE-2019-6111 on CentOS 6

How are you dealing with the OpenSSH vulnerabilities CVE-2019-6109, CVE-2019-6110 & CVE-2019-6111 on CentOS 6 in a PCI server? OpenSSH doesn’t seem to have a fix for this yet, but it fails Trustwave’s vulnerability scans…

Should we release the security issues we found in our product as CVEs, or can we just note them in the weekly release notes?

We are a vendor providing a product that is used in enterprises. We know that those companies run periodic CVE scans on the products they use as part of their vulnerability management process. My question is, do we have to raise a …

Vulnerability management process design – Improved VM using standards

I’m working on a project. I want to develop a Vulnerability Management system, but I’m lost.

My plan is to use Nessus to do all the necessary scanning, then export the report to the Vulnerability Management system. From ther…

Can my machine be compromised if I use an outdated application and the input data is trusted?

Suppose I decide to use an outdated application for some reason: maybe I can’t update it for compatibility reasons, or updates are not provided in the official repositories I use, or maybe I just don’t feel like upgrading it …