1561 matches found

Qualys Blog
added 2024/02/05 11:33 p.m., 17 views

CSAM Strengthens Attack Surface Coverage and Risk Assessment With Third-Party Connectors

Organizations using Qualys CyberSecurity Asset Management (CSAM) can now import asset data from any external system into the Enterprise TruRisk Platform. With third-party connectors, you will identify any existing coverage gaps and add business context to your unified inventory, helping you...

6.8 AI score
Exploits: 0

The Hacker News
added 2024/02/01 11:40 a.m., 32 views

Why the Right Metrics Matter When it Comes to Vulnerability Management

How's your vulnerability management program doing? Is it effective? A success? Let's be honest, without the right metrics or analytics, how can you tell how well you're doing, progressing, or if you're getting ROI? If you're not measuring, how do you know it's working? And even if you are...

7.4 AI score
Exploits: 0

Qualys Blog
added 2024/02/01 12:0 a.m., 32 views

Identify and De-risk Unmanaged, Unauthorized Devices With Qualys CyberSecurity Asset Management (CSAM)

69% of organizations said they experienced at least one cyberattack resulting from an exploit of an unknown or unmanaged asset such as software, cloud-based workloads, user accounts, and IoT devices. Ultimately, these attacks stem from visibility gaps in the attack surface. Bringing these assets...

7.3 AI score
Exploits: 0

RedHat Linux
added 2024/01/25 11:4 a.m., 4 views

kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8 CVSS, 6.7 AI score, 0.00282 EPSS
Exploits: 0, References: 4

Kitploit
added 2024/01/14 11:30 a.m., 45 views

EasyEASM - Zero-dollar Attack Surface Management Tool

Zero-dollar attack surface management tool featured at Black Hat Arsenal 2023 and Recon Village @ DEF CON 2023. Description: Easy EASM is just that... the easiest to set-up tool to give your organization visibility into its external facing assets. The industry is dominated by $30k vendors selling...

7 AI score
Exploits: 0, References: 2

The Hacker News
added 2024/01/13 10:45 a.m., 87 views

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. "An out-of-bounds write vulnerability in J-Web of Juniper Networks Jun...

9.8 CVSS, 9.1 AI score, 0.1753 EPSS
Exploits: 1

RedHat Linux
added 2024/01/10 10:50 a.m., 0 views

kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8 CVSS, 6.7 AI score, 0.00282 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2024/01/10 10:50 a.m., 3 views

kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8 CVSS, 6.7 AI score, 0.00282 EPSS
Exploits: 0, References: 4

The Hacker News
added 2024/01/08 9:1 a.m., 34 views

Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface

Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and...

7.7 AI score
Exploits: 0

WPVulnDB
added 2024/01/04 12:0 a.m., 13 views

EnvíaloSimple < 2.2 Unauthenticated PHP Object Injection

Description: The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed...

9.8 CVSS, 9.7 AI score, 0.00565 EPSS
Exploits: 0, References: 1, Affected Software: 1

Wallarm Lab
added 2024/01/03 6:23 p.m., 27 views

Addressing the Rising Threat of API Leaks

In the realm of cybersecurity, the metaphor of "Leaky Buckets" has become an increasingly prevalent concern, particularly in the context of API security. This term encapsulates the hidden vulnerabilities and exposures in API infrastructures that many organizations struggle to identify and address...

6.9 AI score
Exploits: 0

Positive Technologies
added 2023/12/24 12:0 a.m., 3 views

PT-2024-14678

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.7.0-rc3-vmwgfx Description: The vulnerability is related to the drm/vmwgfx module in the Linux kernel. It occurs when switching to a new plane state, which requires unreferencing all held surfaces. However, the...

5.5 CVSS, 5.7 AI score, 0.00225 EPSS
Exploits: 0

SUSE CVE
added 2023/12/22 2:19 a.m., 2 views

SUSE CVE-2023-4232

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decodestatusreport function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...

8.1 CVSS, 6.9 AI score, 0.00947 EPSS
Exploits: 1, References: 3

Qualys Blog
added 2023/12/22 2:17 a.m., 116 views

SSH Attack Surface (CVE-2023-48795): Find and Patch With CyberSecurity Asset Management Before the Grinch Arrives

Secure Shell Protocol (SSH) has been a cornerstone of cryptography and security since it was developed in early 1995. Organizations rely on SSH for secure communications within several popular software products. The recent Terrapin Attack highlights the importance of maintaining full visibility of...

2.6 CVSS, 7.1 AI score, 0.93305 EPSS
Exploits: 4

Trend Micro Simply Security
added 2023/12/14 12:0 a.m., 9 views

Modern Attack Surface Management (ASM) for SecOps

Today’s attack surface requires modern processes and security solutions. Explore the tenets of modern attack surface management (ASM) and what SecOps need to look for in an ASM solution...

7.4 AI score
Exploits: 0

Positive Technologies
added 2023/12/13 12:0 a.m., 5 views

PT-2023-32751 · Repbox · Repbox

Name of the Vulnerable Software and Affected Versions: Repbox affected versions not specified Description: An unrestricted file upload vulnerability has been identified, allowing an attacker to upload malicious files via the transforamationfileupload function due to the lack of proper file type...

10 CVSS, 9.3 AI score, 0.0078 EPSS
Exploits: 0, References: 6

OSV
added 2023/12/07 11:0 a.m., 1 views

USN-6522-2 freerdp2 vulnerabilities

USN-6522-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connecting to a malicious server, a remote attacker...

9.8 CVSS, 7.1 AI score, 0.01529 EPSS
Exploits: 2, References: 4

Trend Micro Simply Security
added 2023/12/06 12:0 a.m., 12 views

Modern Attack Surface Management for CISOs

Today’s attack surface requires modern processes and security solutions. Explore the tenets of modern attack surface management (ASM) and what CISOs need to look for in an ASM solution...

7.4 AI score
Exploits: 0

Pen Test Partners Blog
added 2023/12/05 6:27 a.m., 23 views

OSINT. What can you find from a domain or company name

We carry out lots of attack surface assessments, parts of which involve investigating information that has been unintentionally disclosed. To help OPSEC people I thought it might be useful to go over some of the key things that can be found using domain and company names. Domain name So let’s div...

6.9 AI score
Exploits: 0

Wallarm Lab
added 2023/12/05 5:46 a.m., 17 views

Bolstering API Security: Introducing Wallarm’s API Attack Surface Management (AASM)

In the fast-paced digital world, think of Application Programming Interfaces (APIs) as the threads that stitch together the fabric of our tech ecosystems. They're often overlooked, quietly ensuring that your apps communicate seamlessly and keep the digital world running smoothly. The majority of...

7.2 AI score
Exploits: 0