Software vulnerabilities – Page 2

Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1

Posted on October 17, 2022 by Rio Sherri

Command & Control (C2) frameworks are a very sensitive component of Red Team operations. Often, a Red Team will be in a highly privileged position on a target’s network, and a compromise of the C2 framework could lead to a compromise of both the red team operator’s system and control over beacons established on a […]

The post Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1 appeared first on Security Intelligence.

Continue reading Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1→

Does Follina Mean It’s Time to Abandon Microsoft Office?

Posted on September 22, 2022 by Jennifer Gregory

As a freelance writer, I spend most of my day working in Microsoft Word. Then, I send drafts to clients and companies across the globe. So, news of the newly discovered Microsoft Office vulnerability made me concerned about the possibility of accidentally spreading malware to my clients. I take extra precautions to ensure that I’m […]

The post Does Follina Mean It’s Time to Abandon Microsoft Office? appeared first on Security Intelligence.

Continue reading Does Follina Mean It’s Time to Abandon Microsoft Office?→

Beyond Shadow IT: Expert Advice on How to Secure the Next Great Threat Surface

Posted on August 23, 2022 by Mark Stone

You’ve heard all about shadow IT, but there’s another shadow lurking on your systems: Internet of Things (IoT) devices. These smart devices are the IoT in shadow IoT, and they could be maliciously or unintentionally exposing information. Threat actors can use that to access your systems and sensitive data, and wreak havoc upon your company. […]

The post Beyond Shadow IT: Expert Advice on How to Secure the Next Great Threat Surface appeared first on Security Intelligence.

Continue reading Beyond Shadow IT: Expert Advice on How to Secure the Next Great Threat Surface→

CISA or CVSS: How Today’s Vulnerability Databases Work Together

Posted on August 22, 2022 by Mark Stone

In the cybersecurity field, large databases of known threats and vulnerabilities have often been an essential resource. These catalogs show you where to focus your efforts. They’re also a good tool for prioritizing patches to increase security and mitigate the risk of disaster. As a result, these databases need to be reliable and up-to-date and […]

The post CISA or CVSS: How Today’s Vulnerability Databases Work Together appeared first on Security Intelligence.

Continue reading CISA or CVSS: How Today’s Vulnerability Databases Work Together→

Controlling the Source: Abusing Source Code Management Systems

Posted on August 9, 2022 by Brett Hawkins

For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022. Source Code Management (SCM) systems play a vital role within organizations and have been an afterthought in terms of defenses compared to other critical enterprise […]

The post Controlling the Source: Abusing Source Code Management Systems appeared first on Security Intelligence.

Continue reading Controlling the Source: Abusing Source Code Management Systems→

Cybersecurity and the Metaverse: Patrolling the New Digital World

Posted on August 4, 2022 by Adeeb Rashid

The metaverse is a hot topic, and it’s easy to see why. It promises a 3D model of the internet, where virtual reality (VR) and mixed reality offer endless escapism. It provides a place parallel to the physical world where you can live a rich digital life: hang out with friends, shop for real or […]

The post Cybersecurity and the Metaverse: Patrolling the New Digital World appeared first on Security Intelligence.

Continue reading Cybersecurity and the Metaverse: Patrolling the New Digital World→

Real Security Concerns Are Scarier Than Doomsday Predictions

Posted on June 6, 2022 by Jonathan Reed

The metaverse, artificial intelligence (AI) run amok, the singularity … many far-out situations have become a dinner-table conversation. Will AI take over the world? Will you one day have a computer chip in your brain? These science fiction ideas may never come to fruition, but some do point to existing security risks. While nobody can […]

The post Real Security Concerns Are Scarier Than Doomsday Predictions appeared first on Security Intelligence.

Continue reading Real Security Concerns Are Scarier Than Doomsday Predictions→

X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021

Posted on May 5, 2022 by Austin Zeizel

From 2020 to 2021, there was a 33% increase in the number of reported incidents caused by vulnerability exploitation, according to the 2022 X-Force Threat Intelligence Index. A large percentage of these exploited vulnerabilities were newly discovered; in fact, four out of the top five vulnerabilities in 2021 were newer vulnerabilities. Vulnerability exploitation was the […]

The post X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021 appeared first on Security Intelligence.

Continue reading X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021→

X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021

Posted on May 5, 2022 by Austin Zeizel

The post X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021 appeared first on Security Intelligence.

Continue reading X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021→

Top 5 Cybersecurity Podcasts to Follow in 2022

Posted on March 17, 2022 by Jennifer Gregory

One of my favorite parts about talking to cybersecurity professionals is asking how they landed in the industry. Few tell me about a straight path to their career, like attending college or earning a certification. Most launch into an interesting tale of their non-traditional career paths. When I share these stories, I’m often asked how […]

The post Top 5 Cybersecurity Podcasts to Follow in 2022 appeared first on Security Intelligence.

Continue reading Top 5 Cybersecurity Podcasts to Follow in 2022→