1309 matches found
Intel Wireless Bluetooth Vulnerability - Lenovo Support US
Intel Graphics Driver for Windows - Lenovo Support US
HPSBHF03678 rev. 2 - GRUB2 Bootloader Arbitrary Code Execution
Potential Security Impact: Arbitrary Code Execution. Source: HP, HP Product Security Response Team (PSRT). Reported By: Eclypsium, Inc. VULNERABILITY SUMMARY: HP has been informed of a potential security vulnerability in GRUB2 bootloaders commonly used by Linux. This vulnerability, known as “There’s a...
Hello open source security! Managing risk with software composition analysis
When first learning to code many people start with a rudimentary “Hello World” program. Building the program teaches developers the basics of a language as they write the code required to display “Hello World” on a screen. As developers get more skilled, the complexity of the programs they build...
CVE-2020-2226
A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table, which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...
CVE-2020-2226
The CVE-2020-2226 issue affects Jenkins Matrix Authorization Strategy Plugin, version 2.6.1 and earlier, where user names shown in the configuration were not escaped, enabling a stored cross-site scripting (XSS) vulnerability. The vulnerability can be exploited by users with Job/Configure or Agen...
NVIDIA GPU Display Driver - June 2020 Security Bulletin - Lenovo Support US
Cloud Security Is Simple, Absolutely Simple.
"Cloud security is simple, absolutely simple. Stop over complicating it." This is how I kicked off a presentation I gave at the CyberRisk Alliance, Cloud Security Summit on Apr 17 of this year. And I truly believe that cloud security is simple, but that does not mean easy. You need the right...
CISA Releases Securing Industrial Control Systems: A Unified Initiative
The Cybersecurity and Infrastructure Security Agency (CISA) has released its five-year industrial control systems (ICS) strategy: Securing Industrial Control Systems: A Unified Initiative. The strategy, developed in collaboration with industry and government partners, lays out CISA's plan to improve,...
Perspectives Summary – What You Said
On Thursday, June 25, Trend Micro hosted our Perspectives 2-hour virtual event. As the session progressed, we asked our attendees, composed of +5000 global registrants, two key questions. This blog analyzes those answers. First, what is your current strategy for securing the cloud? Rely completel...
The Fear of Vendor Lock-in Leads to Cloud Failures
Vendor lock-in has been an often-quoted risk since the mid-1990s. Fear that by investing too much with one vendor, an organization reduces their options in the future. Was this a valid concern? Is it still today? The Risk: Organizations walk a fine line with their technology vendors. Ideally, you...
Rockwell Automation FactoryTalk Services Platform
1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level. Vendor: Rockwell Automation. Equipment: FactoryTalk Services Platform. Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an unauthenticated attacker...
Examining the US Cyber Budget
Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack. To its credit, this budget does reveal an overall growth in cybersecurity funding of about 5...
RMIScout - Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities
RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation. On misconfigured servers, any known RMI signature using non-primitive types (e.g., java.lang.String) can be exploited by replacing the object with a serialize...
GHSA-3GW4-M5W7-V89C Uncontrolled Resource Consumption in Indy Node
Summary: Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. Discovery: On May 18, Evernym's monitoring of Sovrin StagingNe...
A strategy for cybersecurity strategy
Let's start with an assumption: Having a cybersecurity strategy is best practice. So, what makes a good cybersecurity strategy? You'd be surprised how this answer varies across the security industry, especially from seasoned CISOs of Fortune 500 companies...
Synaptics Audio Driver Vulnerability - Lenovo Support US
Synaptics Fingerprint Vulnerabilities - Lenovo Support US
Intel CSME, SPS, TXE, AMT and DAL Advisory - Lenovo Support US
Multi-vendor BIOS Security Vulnerabilities (June 2020) - Lenovo Support US