24 matches found

Microsoft Secure
added 2025/07/09 4:0 p.m. | 5 views

Microsoft expands Zero Trust workshop to cover network, SecOps, and more

Building on identity, devices, and data, the workshop now covers network, infrastructure, and SecOps. As the nature of cyberthreats and security challenges evolve, organizations have coalesced around a Zero Trust architecture as the approach to modernize their end-to-end security adoption and...

6.8 AI score
Exploits: 0
Pen Test Partners Blog
added 2022/08/01 5:5 a.m. | 27 views

Efficient Infrastructure Testing

Before we start, let's set the scene regarding vulnerability assessment. It is imperative that enterprises conduct their own continuous automated scanning, to have up-to-date assessments of threats that their networks may be susceptible to. Infrastructure penetration testing discussed in this blog...

Exploits: 0
MSRC
added 2022/03/07 8:0 a.m. | 10 views

Disclosure of Vulnerability in Azure Automation Managed Identity Tokens

On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identities tokens for authorization and an Azure Sandbox for job runtime and execution were exposed. Microsoft has not detected evidence of misuse of tokens...

1.7 AI score
Exploits: 0
Carbon Black Blog
added 2018/12/31 6:46 p.m. | 91 views

CB Customer Spotlight: Q&A with Kaas Tailored’s Joe Mrazik

For the past eight years, Joe Mrazik has taken on the role of Network Administrator for Kaas Tailored, protecting the company’s endpoints with CB Defense. Kaas Tailored is an aerospace and furniture manufacturing company that supplies parts to aerospace companies like Boeing. Read on to learn how...

7 AI score
Exploits: 0
Qualys Blog
added 2018/10/17 4:42 p.m. | 48 views

Threat Hunting: Adoption, Expertise Grow, but Work Remains

Threat hunting, an often misunderstood but powerful security practice, is gaining traction, as more organizations reap benefits from it and get better at it. However, there is still a lot of room for adoption to increase and for practices to improve. Those were key findings from the SANS...

7.4 AI score
Exploits: 0
Pen Test Partners Blog
added 2018/09/21 8:1 a.m. | 9 views

Container theft, the legal system and poor maritime security

One of the most interesting legal cases I’ve read recently involves a theft of two containers of cobalt metal briquettes from a terminal at the port of Antwerp. Original judgment: Appeal: What drew me to this case was the amount of useful data that had entered the public domain concerning a crime...

7.1 AI score
Exploits: 0
Carbon Black Blog
added 2018/06/25 3:44 p.m. | 78 views

Adapting “The Pilot’s Checklist” to the Cybersecurity Space

More and more often, we hear about another high-profile cybersecurity breach or ransomware attack at a large, well-known organization. Cybersecurity breaches seem to be inevitable at this juncture. While reading about these events, one thing is painfully clear: cybersecurity practitioners are...

7.1 AI score
Exploits: 0
Hacker One
added 2017/10/19 2:35 p.m. | 8 views

Infogram: Email notification is not being sent while changing passwords

Vulnerabilities:- 1. Use of old passwords is possible (current password can be used as new password). 2. Email notification is not being sent to linked mail account while changing passwords. Impact:- Case-1:- -whenever a user requests a reset token for recovery of his account, a reset token is being to...

7.2 AI score
Exploits: 0
ThreatPost
added 2017/08/10 1:56 p.m. | 32 views

Juniper Issues Security Alert Tied to Routers and Switches

Juniper Networks warned customers Thursday of a high-risk vulnerability in the GD graphics library that could allow a remote attacker to take control of systems running certain versions of the Junos OS. The alert was in conjunction with a warning from the U.S. Computer Emergency Readiness Team...

7.5 CVSS | 8.8 AI score | 0.60488 EPSS
Exploits: 8 | References: 7
Packet Storm
added 2016/10/01 12:0 a.m. | 52 views

CompTIA Information Disclosure

I had signed up for a CompTIA account with a fake name for privacy reasons. Later on, I wanted to update my name in my CompTIA account because I was planning to take their Security+ certificate. The problem is I cannot update my name directly from the profile menu; it told me to create a support ticket...

7.4 AI score
Exploits: 0
The Hacker News
added 2016/01/26 4:41 a.m. | 11 views

Password Security — Who's to Blame for Weak Passwords? Users, Really?

The majority of Internet users are vulnerable to cyber threats because of their own weaknesses in setting up a strong password. But, are end-users completely responsible for choosing weak passwords? Give a thought. Recently we wrote an article revealing the list of Worst Passwords of 2015 that...

7.3 AI score
Exploits: 0
CERT
added 2014/04/11 12:0 a.m. | 26 views

Fortinet FortiADC D-series contains a cross-site scripting vulnerability

Overview Fortinet FortiADC D-series 3.2.0, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet FortiADC D-series 3.2.0, and possibly earlier versions,...

4.3 CVSS | 6.1 AI score | 0.00332 EPSS
Exploits: 2 | References: 4
CERT
added 2014/03/05 12:0 a.m. | 190 views

Serena Dimensions CM 12.2 Build 7.199.0 web client vulnerabilities

Overview Serena Dimensions CM 12.2 Build 7.199.0 web client and possibly earlier versions contains multiple cross-site scripting vulnerabilities. Description Serena Dimensions CM 12.2 Build 7.199.0 web client and possibly earlier versions contains multiple cross-site scripting...

6.8 CVSS | 6.6 AI score | 0.00875 EPSS
Exploits: 2 | References: 3
CERT
added 2014/02/04 12:0 a.m. | 23 views

Dell KACE K1000 management appliance contains a cross-site scripting vulnerability

Overview Dell KACE K1000 management appliance version 5.5.90545, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. CWE-79 Description Dell KACE K1000 management appliance version 5.5.90545, and possibly earlier versions, contains a cross-site scripting (XSS)...

4.3 CVSS | 5.9 AI score | 0.01434 EPSS
Exploits: 2 | References: 3
The Hacker News
added 2013/12/05 2:33 p.m. | 11 views

Master Password Protection added to Google Chrome's Password Manager

Just like other web browsers, Google Chrome also offers a password manager feature that can save your logins and basic information for automatic form-filling. The Google Chrome browser stores all your passwords in plain text format, and they are available for access by opening the following URL ...

6.5 AI score
Exploits: 0
The Hacker News
added 2013/10/24 5:45 p.m. | 4 views

New Android Banking Trojan targeting Korean users

A very profitable line for mobile malware developers is Android Banking Trojans, which infect phones and steal passwords and other data when victims log onto their online bank accounts. One recent trend is Android malware that attacks users in specific countries, such as European Countries, Brazi...

6.7 AI score
Exploits: 0
Kitploit
added 2013/08/14 3:11 a.m. | 10 views

[Samurai Web Testing Framework v2.1] Live linux environment that has been pre-configured to function as a web pen-testing environment

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool...

7 AI score
Exploits: 0
Check Point Advisories
added 2013/07/04 12:0 a.m. | 7 views

HTTP Format Sizes (CVE-2007-0774)

It is good security practice to limit the sizes of different elements in HTTP request and response. This reduces the chance for buffer overruns and limits the size of code that can be inserted into the header...

0.5 AI score | 0.88357 EPSS
Exploits: 8
CERT
added 2012/12/12 12:0 a.m. | 27 views

Centreon 2.3.3 through 2.3.9-4 blind sqli injection vulnerability.

Overview Centreon 2.3.3 through 2.3.9-4 contains a blind sql injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' Centreon 2.3.3 through 2.3.9-4 contains a blind sql injection vulnerability. The vulnerability is found withi...

6.5 CVSS | 6.8 AI score | 0.00218 EPSS
Exploits: 4 | References: 3
CERT
added 2012/12/06 12:0 a.m. | 20 views

ManageEngine AssetExplorer fails to properly sanitize XML asset data submission

Overview ManageEngine AssetExplorer version 5.6.0 build number 5610 and possibly older versions is vulnerable to multiple stored XSS vulnerabilities via XML asset data submission. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' ManageEngine...

4.3 CVSS | 5.9 AI score | 0.01508 EPSS
Exploits: 0 | References: 3