New infosec products of the week: February 4, 2022

Here’s a look at the most interesting products from the past week, featuring releases from Cato Networks, Cymulate, Gretel, Juniper Networks, Mandiant, Ping Identity, Qualys, ShiftLeft, and Tenable. Qualys minimizes vulnerability risk for organizations…

Tenable.cs updates enable organizations to detect and fix cloud infrastructure misconfigurations

Tenable announced new capabilities for Tenable.cs, its cloud-native application security platform. Tenable.cs delivers full lifecycle cloud-native security to address cyber risks from build to runtime. With the new features, organizations can secure cl…

Exposed records exceeded 40 billion in 2021

According to research by Tenable, at least 40,417,167,937 records were exposed worldwide in 2021, calculated by the analysis of 1,825 breach data incidents publicly disclosed between November 2020 and October 2021. This is a considerable increase on …

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Microsoft fixes wormable RCE in Windows Server and Windows (CVE-2022-21907)

The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server (CVE-2022-21907). Vulnerabilities of note Among the publicly known flaws are a “c…

Infosec products of the month: December 2021

Here’s a look at the most interesting products from the past month, featuring releases from Action1, AwareGO, BlackBerry, Box, Castellan Solutions, Cloudflare, Code42, Cossack Labs, F5 Networks, Immuta, IriusRisk, MetricStream, MobileSphere, Nerdio, Ne…

The Log4j saga: New vulnerabilities and attack vectors discovered

The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell (CVE-2021-44228) was fixed by releasing Log4j v2.15.0. There’s CVE-2021-45046, a DoS/RCE flaw that was fixed in v2.16.0, t…

Microsoft Patch Tuesday, December 2021 Edition

Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. But this month’s Patch Tuesday is being overshadowed by the “Log4Shell” 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.

Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)

It’s the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability (CVE-2021-43890) actively exploited to deliver Emotet/Trickbot/Bazaloader malware family. Vulnerabilities of note in…

New infosec products of the week: December 10, 2021

Here’s a look at the most interesting products from the past week, featuring releases from Action1, Cloudflare, Code42, F5 Networks, NetQuest, Oxeye, SentinelOne and Tenable. SentinelOne Singularity Mobile combats mobile malware and phishing attacks Wi…