Collaborate Disseminate
The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applic… Continue reading Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)
49% of enterprises across Europe currently have no formal Bring-Your-Own-Device (BYOD) policy in place, meaning they have no visibility into or control over if and how employees are connecting personal devices to corporate resources, according to a Jam… Continue reading Baseline standards for BYOD access requirements
A recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote code execution. “Despite fixes for CVE-2017-11882/CVE-2018-0802 being … Continue reading Old vulnerabilities are still a big problem
I am reasoning about how to form a policy on CVEs found in software components that do not come from the software itself, but comes in a built-in dependency of that software.
Take the example of a software component built on Java maintaine… Continue reading How to reason about CVEs packaged in other open source software
In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022. N-days functioning as zero-days Zero-days are software bugs that are unknown to the ven… Continue reading Android n-day bugs pose zero-day threat
Coalition’s recent Cyber Threat Index 2023 predicts the average Common Vulnerabilities and Exposures (CVEs) rate will rise by 13% over 2022 to more than 1,900 per month in 2023. As thousands of patches and updates are released each month, organizations… Continue reading A step-by-step guide for patching software vulnerabilities
Software depends on layers of code, and much of that code comes from open-source libraries. According to an Octoverse 2022 report, open-source code is used in 97% of applications. Not only do developers embrace open source, but so do nine in 10 companies. “Open-source software is the foundation of 99% of the world’s software,” Martin […]
The post Is Open-Source Security a Ticking Cyber Time Bomb? appeared first on Security Intelligence.
Continue reading Is Open-Source Security a Ticking Cyber Time Bomb?
In this Help Net Security video, Mitja Kolsek, CEO at Acros Security, discusses micropatches, a solution to a huge security problem. With micropatches, there are no reboots or downtime when patching and no fear that an official update will break produc… Continue reading Micropatches: What they are and how they work
The environment: A landscape of 4500+ endpoints connected to a corporate network, of which most but not all devices are Windows Desktop devices. The devices are managed by a local / on-prem AD NOT Azure. The devices are not managed by Offi… Continue reading Best solution for enterprise endpoint patch management [migrated]
With every step towards better cyber defense, malicious attackers counter with new tactics, techniques and procedures. It’s not like the attackers are going to say, “All right, you made it too tough for us this time; we’re checking out.” That is not happening. Increased use of virtualization comes with both operational efficiencies and abilities to […]
The post Hypervisors and Ransomware: Defending Attractive Targets appeared first on Security Intelligence.
Continue reading Hypervisors and Ransomware: Defending Attractive Targets