901 matches found
Implementing the CIS 20 Critical Security Controls: Slash Risk of Cyber Attacks by 85%
If a CISO needed to cut cyber attack risk by 85%, how would this security chief go about accomplishing that? Would the CISO even know where to begin? It’s safe to say that such a mandate would be considered daunting, and maybe even overwhelming. CISOs are scrambling to protect IT infrastructures...
InfoSec Pros Must Fasten Their Seatbelts for Digital Transformation Ride
The IT industry has gone through multiple revolutions – client-server computing, the Internet’s rise, virtualization, mobility – but none rivals the unprecedented impact of today’s digital transformation. The implications for InfoSec professionals are broad, requiring that they adapt quickly to t...
ZTE uSmartView DLL Hijacking
Vulnerability summary: The following advisory describes a DLL hijacking vulnerability found in ZTE uSmartView. ZTE uSmartView offers: "ZTE provides a full series of cloud computing products including cloud terminals, cloud desktops, virtualization software, and cloud storage products and end-to-end integrated...
Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.6.1 bug fix and enhancement update
Red Hat OpenShift Container Platform release 3.6.1 is now available with updates to packages and images that fix several bugs and add various enhancements. Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or privat...
Vulnerability Management Market Disruptors
Gartner's recent vulnerability management report provides a wealth of insight into vulnerability management (VM) tools and advice on how to build effective VM programs. Although VM tools and capabilities have changed since the report's last iteration in 2015, interestingly one thing hasn't: Gartner's...
CyberSecurity Report: Threat Landscape Gets More Sophisticated
Destruction of service. Get acquainted with this newly-minted term, and with its acronym — DeOS. It’s a particularly disturbing type of cyber attack InfoSec teams may face regularly in the not too distant future. That’s one of the main findings featured in the Cisco 2017 Midyear Cybersecurity...
August 7, 2017 – Morning Cyber Coffee Headlines – “Teddy Roosevelt” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! August 5, 2017 - Headlines Ransomware can cost firms over $700,000; cloud...
Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update
An update for openstack-nova is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
U.S. Dept Of Defense: Insecure Direct Object Reference on in-scope .mil website
Summary: A web form on a .mil website does not implement any restriction against multiple failed attempts to submit an ID, which allows an attacker to enumerate IDs in order to obtain users' information or cancel an ongoing process. Description: Websites https://█████████/appointment/lookup.aspx?a=f and...
The Unified Cloud
Throughout the history of cloud computing, 2006 was a momentous year. In 2006 Amazon Web Services released S3, the first pay-per-GB storage service. By August, they released EC2, allowing you to spin up a server in the cloud and pay by the hour. In the decade that has followed, AWS has emerged as...
IT Asset Inventory Systems and CMDBs: A Marriage Made in InfoSec Heaven
A key capability of an IT asset inventory system is being able to exchange data with CMDBs (Configuration Management Databases). In fact, a common misconception is that organizations with CMDBs don't need an IT asset inventory system because their functions overlap. While they have similar roles,...
Moderate: Red Hat Security Advisory: openstack-cinder, openstack-glance, and openstack-nova security update
An update for openstack-nova, openstack-cinder, openstack-glance, and python-oslo-concurrency is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin...
Oracle acquires DNS provider Dyn for more than $600 Million
Yes, Oracle just bought the DNS provider whose outage knocked out large parts of the Internet last month. Business software vendor Oracle announced on Monday that it is buying cloud-based Internet performance and Domain Name System (DNS) provider Dyn. Dyn is the same company that was hit by a massive distributed...
Moderate: Red Hat Security Advisory: atomic-openshift security and bug fix update
An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.2 security update and bug fix update
An update for atomic-openshift and heapster is now available for Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Kibana security update
An update for Red Hat OpenShift Enterprise Kibana images is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
FedRAMP Prioritization
Coalfire has been participating in the American Council for Technology and Industry Advisory Council (ACT-IAC) Cloud Computing community of interest in order to contribute to developing the new FedRAMP JAB Prioritization process...
D-Link cloud cameras: more than 120 products affected by vulnerability, about 400,000 devices exposed - Vulnerability Warning - Black Bar Safety Net
Security vulnerabilities in cameras have led to privacy leaks before. This time the protagonist is a D-Link cloud camera. A security researcher named Stephen Ridley found that the D-Link cloud camera has vulnerabilities, and he also found more than 12...
Amazon AWS XSS Protection Bypass
Exploit Author: Ajay Gowtham. Vendor: http://aws.amazon.com/ Amazon Web Services is a subsidiary of Amazon.com which offers a suite of cloud computing services that make up an on-demand computing platform. These services operate from 12 geographical regions across the...
Moderate: Red Hat Bug Fix Advisory: Red Hat OpenShift Enterprise 3.2.1.1 bug fix and enhancement update
Red Hat OpenShift Enterprise release 3.2.1.1 is now available with updates to packages and images that fix several bugs and introduce feature enhancements. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud...