Out-of-bounds
The boot loaders of Huawei P10 and P10 Plus mobile phones running software versions before Victoria-L09AC605B162, before Victoria-L29AC605B162, or before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability caused by missing parameter validation. An attack...
Customer-driven Rapid Innovation for Hybrid Cloud Security
Cyber threats have no boundaries; they come in new and evolving forms, capable of striking at any time, so it becomes important that your threat protection extends beyond conventional boundaries as well. In the past, on-premises versions of security solutions were held up by long development cycl...
Remote Code Execution Vulnerability in Adobe Acrobat and Reader (CNVD-2017-35853)
Adobe Reader and the related products are made by the US company Adobe. Adobe Reader is a free PDF file reader; Acrobat is a set of PDF editing and conversion tools; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDFs. Classic and Continuous are the two update...
Security Analysis with Bamboo Plugin
Build Management with Bamboo In the process of continuous integration, a code repository is automatically built and tested by a CI service when code is pushed or committed to the repository. This enables automated testing, tracking, and reporting of build errors and boosts the productivity of...
Gartner: The Pursuit of Perfection Weakens InfoSec Effectiveness
While malicious hackers are the obvious enemies of InfoSec pros, there’s something else that puts IT environments in danger: Perfectionism. When applied to security, perfectionism becomes detrimental, creating a false certainty that all bases are covered and yielding a fundamentally flawed approa...
QSC17 Focuses on Digital Transformation’s Challenges and Opportunities
Qualys Security Conference 2017 finds Qualys rapidly advancing in its ongoing quest to seamlessly and transparently thread security into the fabric of IT environments, and to make it essential for digital transformation. At QSC17, happening this week in Las Vegas, Qualys executives will share how...
Cardiac Scan Authentication — Your Heart As Your Password
Forget fingerprint authentication, retinal scanning or advanced facial recognition that has recently been implemented by Apple in its iPhone X—researchers developed a new authentication system that doesn't require any of your interaction, as simply being near your device is more than enough. A...
Achieve Continuous Security and Compliance with the CIS Critical Security Controls
For InfoSec pros, it’s easy to get overwhelmed by the constant noise from cybersecurity industry players — vendors, research firms, consultants, industry groups, government regulators and media outlets. A good antidote for this hyperactive chatter is to refocus on foundational InfoSec practices...
Cloud-focused Firms Earn High Marks for Software Security in BSIMM8 Report
Companies pushing the cloud envelope are most likely to run safer, cleaner code. On the flip side, as the healthcare industry embraces an increasingly software-driven business model, it is struggling to keep up with its peers when it comes to software security. Those are some of the takeaways from...
Cybersecurity Executive Order 13800: More than a Risk Assessment?
Written by Sr. Solutions Engineer, Micah Maryn. Most folks around the Washington DC beltway have heard the cybersecurity Executive Order EO 13800 - Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure referred to as a simple risk assessment. But the reality is that it i...
Vulnerability Management Market Disruptors
Gartner's recent vulnerability management report provides a wealth of insight into vulnerability management (VM) tools and advice on how to build effective VM programs. Although VM tools and capabilities have changed since the report's last iteration in 2015, interestingly one thing hasn't: Gartner's...
Coalfire’s Adaptive Penetration Testing at Black Hat Helped Prepare Tomorrow’s Security Talent
What makes a penetration tester highly successful? Most obviously, the technical skills to hack into a network, application, or location come to mind first, and without those capabilities and the ability to continuously learn, an aspiring pen tester has a tough road ahead of them...
SMBLoris NBSS Denial of Service
The SMBLoris attack consumes large chunks of memory on the target by sending SMB requests with the NetBIOS Session Service (NBSS) Length header set to the maximum possible value. By keeping these connections open and initiating large numbers of these sessions, the memory does not get freed, an...
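As an added illustration of the mechanism in that teaser (this is example code written for this page, not the SMBLoris proof of concept or the original author's code): the NBSS header of RFC 1002 carries a 17-bit length, the extension bit in the flags byte being bit 16, so the largest value a client can advertise is 0x1FFFF (131071 bytes). The block below encodes and decodes that header and runs a simple detection heuristic over a constructed set of connection records: a source that holds many idle port 445 connections, each advertising a near-maximum length while delivering almost no body, is flagged. The `Connection` record, the source addresses and the thresholds (`min_advertised`, `min_idle`, `min_conns`) are assumptions chosen for the example, not values from the page.

```python
import struct
from dataclasses import dataclass

# NetBIOS Session Service header (RFC 1002, section 4.3.1), 4 bytes:
#   byte 0:    message type (0x00 = session message)
#   byte 1:    flags; bit 0 is the length extension bit, i.e. bit 16 of the length
#   bytes 2-3: low 16 bits of the length, big-endian
NBSS_SESSION_MESSAGE = 0x00
NBSS_MAX_LENGTH = 0x1FFFF   # 17-bit length field: 131071 bytes


def build_nbss_header(msg_type: int, length: int) -> bytes:
    """Encode a 4-byte NBSS header; the length must fit in 17 bits."""
    if not 0 <= length <= NBSS_MAX_LENGTH:
        raise ValueError(f"NBSS length {length} does not fit in 17 bits")
    flags = (length >> 16) & 0x01
    return struct.pack(">BBH", msg_type, flags, length & 0xFFFF)


def parse_nbss_header(data: bytes) -> tuple[int, int]:
    """Decode (message type, 17-bit length) from the first 4 bytes of a session."""
    if len(data) < 4:
        raise ValueError("NBSS header is 4 bytes")
    msg_type, flags, low16 = struct.unpack(">BBH", data[:4])
    return msg_type, ((flags & 0x01) << 16) | low16


@dataclass
class Connection:
    """Constructed record of one TCP connection to port 445 (hypothetical monitor output)."""
    src: str
    header: bytes        # first 4 bytes the client sent
    body_received: int   # payload bytes that actually arrived after the header
    open_seconds: float  # how long the connection has been held open


def smbloris_suspects(conns, min_advertised=64 * 1024, min_idle=30.0, min_conns=50):
    """Return {source: count} for sources holding at least min_conns idle connections
    that each advertise a large NBSS length but deliver almost none of it.
    Thresholds are heuristics chosen for this example, not values from the page."""
    by_src = {}
    for c in conns:
        try:
            msg_type, advertised = parse_nbss_header(c.header)
        except ValueError:
            continue  # too short to carry an NBSS header; ignore
        if (msg_type == NBSS_SESSION_MESSAGE
                and advertised >= min_advertised
                and c.body_received < advertised // 16
                and c.open_seconds >= min_idle):
            by_src[c.src] = by_src.get(c.src, 0) + 1
    return {src: n for src, n in by_src.items() if n >= min_conns}


def constructed_sample():
    """Constructed data: 60 SMBLoris-style connections from one source, advertising the
    maximum length and sending no body, plus 5 ordinary short SMB sessions."""
    attacker = [Connection("198.51.100.7",
                           build_nbss_header(NBSS_SESSION_MESSAGE, NBSS_MAX_LENGTH),
                           0, 120.0) for _ in range(60)]
    legit = [Connection("192.0.2.10",
                        build_nbss_header(NBSS_SESSION_MESSAGE, 0x90),
                        0x90, 1.5) for _ in range(5)]
    return attacker + legit


if __name__ == "__main__":
    print(smbloris_suspects(constructed_sample()))
```

The ratio check (`body_received < advertised // 16`) is what separates a slow-but-legitimate large transfer from a connection that only ever sends the header; tune it and the idle time to the traffic you actually see before alerting on it.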
Qualys new look and new products
As you all know, it's Black Hat 2017 time. This year Qualys seems to be the main newsmaker among Vulnerability Management vendors. Qualys Team renewed logo and website, updated marketing strategy, presented two new products: CloudView and CertView. I decided to take a look. Talking about design, ...
Countdown to GDPR: Get 20/20 Visibility Into Your IT Assets
Anyone questioning the importance of IT asset visibility in an organization's security and compliance postures ought to review the EU's General Data Protection Regulation (GDPR), which goes into effect next year. With the severe requirements the GDPR places on how a business handles the personal da...
Visual Studio Security Extension: Puma Scan
Visual Studio Security Extension Puma Scan is the leading software security Visual Studio analyzer extension. Built on top of Roslyn, the open-source .NET Compiler Platform, Puma Scan provides real time, continuous source code analysis as development teams write code. Vulnerabilities are...
No More Tears: WannaCry Highlights Importance of Prompt Vulnerability Detection, Remediation
It didn’t have to happen. That’s the simple yet profound lesson from WannaCry’s ransomware rampage that has infected 300,000-plus systems in more than 150 countries, disrupting critical operations across industries, including healthcare, government, transportation and finance. If vulnerable syste...
Jenkins Unauthenticated Code Execution Vulnerability Analysis (updated with vulnerable environment and detection script) - Vulnerability Alert - Black Bar Safety Net
I. Summary: CloudBees Jenkins version 2.32.1 has a Java deserialization vulnerability that can ultimately lead to remote code execution. Jenkins is a continuous integration (CI) and continuous delivery (CD) system that can improve the software development process...
Jenkins Unauthenticated Code Execution Vulnerability Analysis - Vulnerability Alert - Black Bar Safety Net
I. Summary: CloudBees Jenkins version 2.32.1 has a Java deserialization vulnerability that can ultimately lead to remote code execution. Jenkins is a continuous integration (CI) and continuous delivery (CD) system that can improve the software development process...
Kong and Wallarm Partner Up to Boost Microservices API Security
Wallarm has partnered with Mashape to provide the microservices community with API security. Mashape enterprise customers who use the Kong API gateway can now quickly add API security protection without changes to the Kong user's deployment. Read more about the Kong and Wallarm partnership in this blog. Today...