MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis

The security updates released by Microsoft on April 11, 2023, addressed over 90 individual vulnerabilities. Of particular note was CVE-2023-21554, dubbed QueueJumper, a remote code execution vulnerability affecting the Microsoft Message Queueing (MSMQ) service. MSMQ is an optional Windows component that enables applications to exchange messages via message queues that are reachable both locally and […]

The post MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis appeared first on Security Intelligence.


Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). On December 13, Microsoft reclassified the vulnerability as “Critical” severity after IBM Security X-Force Red Security Researcher Valentina Palmiotti discovered the vulnerability could allow attackers to remotely execute code. The vulnerability is in the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism, which allows […]

The post Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism appeared first on Security Intelligence.


Vulnerability Management: How a Risk-Based Approach Can Increase Efficiency and Effectiveness

Security professionals keep busy. Before you can patch a vulnerability, you need to decide how important it is. How does it compare to the other problems that day? Choosing which jobs to do first using vulnerability management tools can be a key element of a smart security strategy. Software vulnerabilities are one of the root […]

The post Vulnerability Management: How a Risk-Based Approach Can Increase Efficiency and Effectiveness appeared first on Security Intelligence.


IBM Works With Cisco to Exorcise Ghosts From Webex Meetings

COVID-19 has changed the way many people work, as organizations have shifted to remote work to slow the spread. In early May, more than 100 million Americans were working from home, creating an increased need for remote collaboration tools like video conferencing. The use of Webex grew 451% between Feb. 17 and June 14, 2020. […]

The post IBM Works With Cisco to Exorcise Ghosts From Webex Meetings appeared first on Security Intelligence.


ShiftLeft Tales — Reducing PoV onboarding times from few weeks to less than 5 minutes!

The ShiftLeft Product/Engineering team's latest product re-design reduced our product demo & onboarding timelines from weeks to less than 5 minutes. We achieved this b…

Security Supply and Demand: An Economic Approach to Cybersecurity Risk Management

Effective cybersecurity risk management boosts infosec supply and reduces cost demands, but it isn’t a purely technological venture. Here’s how economic theory can help reduce total risk.

The post Security Supply and Demand: An Economic Approach to Cybersecurity Risk Management appeared first on Security Intelligence.


Why Fixing Security Vulnerabilities Is Not That Simple

When it comes to patching, the devil is in the details. Help the process along by understanding these five issues organizations commonly face between scanning and finding security vulnerabilities.

The post Why Fixing Security Vulnerabilities Is Not That Simple appeared first on Security Intelligence.


Penetration Testing Versus Red Teaming: Clearing the Confusion

There is some confusion in cybersecurity as to the difference between penetration testing and red teaming. Since all businesses have vastly different security needs, the distinction is critical.

The post Penetration Testing Versus Red Teaming: Clearing the Confusion appeared first on Security Intelligence.


Vulnerability Assessments Versus Penetration Tests: A Common Misconception

Vendors, cybersecurity professionals and marketing teams often use the terms “penetration testing” and “vulnerability assessment” interchangeably, mixing two completely different security engagements.

The post Vulnerability Assessments Versus Penetration Tests: A Common Misconception appeared first on Security Intelligence.


How Patch Posture Reporting Improves Security Landscapes

If your vulnerability management tools do not report on your company’s patch posture, you may be missing crucial holes in your software that are ripe for exploitation.

The post How Patch Posture Reporting Improves Security Landscapes appeared first on Security Intelligence.
