Vulnerability

upguard

What is an Exploit?

An exploit is a piece of software, data or sequence of commands that takes advantage of a vulnerability to cause unintended behavior or to gain unauthorized access to sensitive data. Once vulnerabilities are identified, they are posted on Common Vulnerabilities and Exposures (CVE). CVE is a free vulnerability dictionary designed to improve global cyber security and cyber resilience by creating a standardized identifier for a given vulnerability or exposure.

tripwire

Mitigating Risk and High-Risk Vulnerabilities in Unsupported Operating Systems: BlueKeep Edition

How many times has a vendor released a critical cybersecurity patch for an operating system that is in “end of life” (EOL), or the lifecycle period where the vendor no longer issues patches for bug fixes, operational improvements and cybersecurity fixes free of charge? So if a vendor takes the time and resources to break this freeze and issue a patch for an EOL operating system like it did in response to BlueKeep, what does it tell you?

tripwire

Vulnerability Management Program Best Practices

An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals that address the information needs of all stakeholders, when its output is tied back to the goals of the enterprise and when there is a reduction in the overall risk of the organization. Such vulnerability management technology can detect risk, but it requires a foundation of people and processes to ensure that the program is successful.

tripwire

BlueKeep: What you Need to Know

BlueKeep is the name that has been given to a security vulnerability that was discovered earlier this year in some versions of Microsoft Windows’ implementation of the Remote Desktop Protocol (RDP). The vulnerability was described as “wormable” by Microsoft, and users were warned that BlueKeep might be exploited in a similar fashion to how the WannaCry ransomware used the Eternal Blue vulnerability to spread widely in 2017.

detectify

New security test: CVE-2019-11043 PHP-FPM & NGINX RCE

tl;dr – CVE-2019-11043 PHP-FPM & NGINX RCE was publicly disclosed and a Proof-of-Concept exploit code was made available on GitHub. We received the report from our Crowdsource community, and now the CVE-2019-11043 Nginx/PHP-FPM RCE vulnerability is detected by Detectify. Nginx is a common web server used to run web applications. PHP-FPM (FastCGI Process Manager) is a processor for PHP scripts that is efficient at handling heavy website traffic and is commonly used by websites that have e.g.

manageengine

A catastrophic flaw in Linux sudo command with a simple fix using Desktop Central

A critical vulnerability in sudo has been disclosed, that when exploited, enables users to bypass security restrictions and execute commands as the root user. This security flaw has to be swiftly remediated as sudo is one of the most integral and commonly used functionalities in Linux operating systems.

logsign

Vulnerability Management Life Cycle

As one of the most important practices of cyber security, vulnerability management is not a one step process. It must keep evolving in accordance with your network’s growth. That is why we will take a closer look at vulnerability management lifecycle in this article. Vulnerability management is one of the pillars of cyber security. It helps your organization to have a stronger cyber security and allows your security team to better handle with potential attacks.

stackrox

Patches for CVE-2019-11253 released: Why you should upgrade your Kubernetes clusters immediately

The Kubernetes team has released patches for the recently disclosed “Billion Laughs” vulnerability, that allowed an attacker to perform a Denial-of-Service (DoS) attack on the Kubernetes API server by uploading a maliciously crafted YAML file.

sysdig

How to detect CVE-2019-14287 using Falco

A recent flaw, CVE-2019-14287, has been found in sudo. In this blogpost, we are going to show you how to use Falco or Sysdig Secure, to detect any exploit attempts against this vulnerability. sudo allows users to run commands with other user privileges. It is typically used to allow unprivileged users to execute commands as root. The issue exists in the way sudo has implemented running commands with an arbitrary user ID in versions earlier than 1.8.28.