863 matches found
Managing Security Configuration Risk with the Most Comprehensive Configuration Compliance Solution!
Qualys leads the industry with 850 policies, 19000 controls, 350 technologies, and 100 frameworks. Remote and hybrid work, digital transformation, and customer experience initiatives require rapid and continuous technology additions and changes. This requires continual additions of and deployments...
The Definitive Browser Security Checklist
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it ...
CVE-2023-0435
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...
Code injection
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...
CVE-2023-0435 Excessive Attack Surface in pyload/pyload
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41...
PT-2023-16267 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyload/pyload versions prior to 0.5.0b3.dev41 Description: The issue concerns an excessive attack surface in the GitHub repository pyload/pyload. Recommendations: For versions prior to 0.5.0b3.dev41, update to version 0.5.0b3.dev41 or later t...
CVE-2023-0435
CVE-2023-0435 affects pyload/pyload (GitHub repo) prior to version 0.5.0b3.dev41. The underlying issue is an Excessive Attack Surface, leading to a high/critical risk (NVD score 9.8). Affected component is the pyload/pyload codebase; root cause described as too many attack surfaces. Remediation: ...
What is Business Attack Surface Management?
Explore how businesses can make internal and external attack surface management (ASM) actionable...
Patch Where it Hurts: Effective Vulnerability Management in 2023
Data from a recently published Security Navigator report shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being fast enough in patching all...
Year in Review: Rapid7 Cybersecurity Research
Welcome to 2023, a year that sounds so futuristic it is hard to believe it is real. But real it is, and make no mistake, threat actors are still out there, working hard to get into networks the world over. So, at the start of the new year, I am reminded of two particular phrases: Those who do not...
HTTPLoot - An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages And "Loot" Secrets Out Of The Client-Facing Code Of Sites
An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites. Usage: To use the tool, you can grab any one of the pre-built binaries from the Releases section of the repository. If you want to build the source cod...
Managing Cyber Risk in 2023: The People Element
Explore the latest findings from Trend Micro’s Cyber Risk Index 1H’2022 and discover how to enhance cybersecurity risk management across the digital attack surface...
Introducing PEACH, a tenant isolation framework for cloud applications
A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation by reducing your cloud applications’ attack surface...
UBUNTU-CVE-2022-4170
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set...
Protect Your Network with Zero-Day Threat Protection
Explore the world of zero-day threats and gain valuable insight into the importance of proactive detection and remediation. Learn how Trend Micro™ Research mitigates risk by providing global cybersecurity intelligence to continuously discover the ever-changing attack surface, understand and...
When Being Attractive Gets Risky - How Does Your Attack Surface Look to an Attacker?
In the era of digitization and ever-changing business needs, the production environment has become a living organism. Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization's assets, or in other words, the external attack surface. This...
Top 3 Non-Technical Cybersecurity Trends for 2023
A strong cybersecurity strategy isn’t just about choosing the right tools. Cybersecurity experts Greg Young and William Malik discuss three non-technical cybersecurity trends for 2023 to help security leaders reduce cyber risk across the enterprise attack surface...
How a Unified Security Platform Protects the Cloud
Massive growth in cloud use has increased the enterprise attack surface. Addressing the risks with specialized point solutions is unwieldy, complex and can leave vulnerability gaps—driving many companies to seek a unified cyber security platform...