Containers are becoming the new computing standard for many businesses. New technology does not protect you from traditional security concerns. If your containers handle any sensitive data, including personally identifiable information (PII), credit cards or accounts, you’ll need to take a ‘defense in depth’ approach to container security. The CI/CD pipeline is vulnerable at every stage, from build to ship to runtime.

Right, so now the vast majority of your workforce works remotely. Clearly managing all these inbound VPN connections is on top of mind, but what about other vulnerabilities you should be monitoring for? In addition to the ever increasing number of inbound VPN connections, organizations can expect an increase in the use of SaaS-based collaborative software such as Slack, Dropbox, G Suite, and Trello.

New year, same old problems for Windows 10. But it doesn’t have to be that way. Earlier this month the United State’s National Security Agency (NSA) announced that they discovered a major vulnerability in Windows 10 and Windows Server 2016 that could have had dire consequences for businesses around the world. The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors NSA official cybersecurity advisory

Barely a week after Patch Tuesday, internet security company Qihoo 360 has discovered yet another vulnerability in Internet Explorer (IE), this time due to a remote code execution vulnerability in the jscript.dll scripting engine. The vulnerability, identified as CVE-2020-0674, is considered Critical for IE 11, and Moderate for IE 9 and IE 10.

Editor’s note: CVE-2020-0601, unsurprisingly, has created a great deal of interest and concern. There is so much going on that we could not adequately provide a full accounting in a single blog post! This post focuses on detection of the vulnerability based on network logs, specifically Zeek as well as Endpoint. If you are collecting vulnerability scan data and need to keep an eye on your inventory of systems that are at risk, then check out Anthony Perez’s blog.

Software vulnerabilities are part of our lives in a digitalized world. If anything is certain, it’s that we will continue to see vulnerabilities in software code! Recently the CVE-2020-0601 vulnerability, also known as CurveBall or “Windows CryptoAPI Spoofing Vulnerability”, was discovered, reported by the NSA and made headlines. The NSA even shared a Cybersecurity Advisory on the topic. Anthony previously talked about it from a public sector and Vulnerability Scanner angle.

Earlier this month, security researchers at Promon, a Norwegian firm that specializes in in-app security, uncovered a unique vulnerability in Android devices that allows malicious apps to masquerade as legitimate apps and prompt for intrusive permissions that allow them to: Listen to the user through the microphone, Take photos using the camera, and a lot more.

In the current digital era, enterprises across the world heavily rely on information systems for day-to-day operations and for accessing business-related data. In essential institutions, such as banking and financial, health, and government, protecting information is critical and any security mishap could disrupt daily operations. The intention of attackers is to either deny services until a ransom is paid or breach security to gain access to critical information.

A critical vulnerability in sudo has been disclosed, that when exploited, enables users to bypass security restrictions and execute commands as the root user. This security flaw has to be swiftly remediated as sudo is one of the most integral and commonly used functionalities in Linux operating systems.

A recent flaw, CVE-2019-14287, has been found in sudo. In this blogpost, we are going to show you how to use Falco or Sysdig Secure, to detect any exploit attempts against this vulnerability. sudo allows users to run commands with other user privileges. It is typically used to allow unprivileged users to execute commands as root. The issue exists in the way sudo has implemented running commands with an arbitrary user ID in versions earlier than 1.8.28.