Author: admin

Understanding the impact and relevance between public vulnerabilities and their weaponization into threats such as different types of malware’s is important to understand the level of investment and the type of focus that is needed for vulnerability management. Setting the Context Often malware is associated with brute force attacks such as compromised credentials to gain […]

  • Posted in Uncategorized
  • Comments Off on Malware and Public Vulnerabilities – Made for each other

Information security polices outline the guiding principles for organizations outlook towards security and privacy and also holds itself accountable to its shareholders and consumers. Policies impact both technology and human decisions. There is always an effort to align technology solution with policies. The real challenge is to be able to enforce policies and flag violations […]

  • Posted in Machine Learning
  • Comments Off on Policy Driven Controls Assessment – Bridging the gap between letter and spirit

Open Source technologies are becoming the backbone of all modern day solutions. It has huge advantages since the “write-once and use it across the board” approach fosters code reuse. In many cases these open source technologies get extended to adapt to specific requirements and customizations, this has similar traits to polymorphism brought in by modern […]

  • Posted in Uncategorized
  • Comments Off on THE NEW WEB – Vulnerabilities in Open Source Software

Recently the industry has seen a trend where organizations are moving rapidly to integrate vulnerability detection tools as part of their CI / CD environments. That’s a step in the right direction only if the risks that emanate out of those integrations are carefully considered and mitigated. Unfortunately we don’t see much evidence of due […]

  • Posted in Uncategorized
  • Comments Off on CI/CD – vulnerability detection and integration. Are you overlooking the risks ?

Late last week, all of us were made aware of Chrome zero day ( CVE-2019-5786 ), “use after free in FileReader resulting in remote code execution“. This had a published exploit in the wild making it absolutely critical to patch without any delay. Users of ThreatWatch were not only notified of this intelligence but also […]

  • Posted in Uncategorized
  • Comments Off on No Scan Chrome Zero Day Detection

Early last week, all of us got alerted with reports of a major vulnerability in the “runc” binary. The vulnerability was due to the way the runc binary handled system file descriptors when running containers , which could allow malicious containers to overwrite contents of the binary and ultimately cause remote code execution. Not many […]

  • Posted in Uncategorized
  • Comments Off on “runc” with ThreatWatch

Enough time has passed and far too many data breaches have been uncovered to warrant a fresh look at how organizations look at pro-active security efforts. Account and access management has evolved and organizations are much more vigilant to ensure multi-factor authentication is setup for customer and employee access to services and data. Data suggests […]

  • Posted in Uncategorized
  • Comments Off on Bring CI ( Continuous Integration ) to Vulnerability Management

Upgrade to Apache Struts version 2.3.35 or 2.5.17 ASAP ! If you use Apache Struts ( remember Equifax ? ) please upgrade to the versions mentioned above. As always NVD is lagging behind on details so dont depend on your scanning solutions to detect this in your environment just yet, CVE-2018-11776

  • Posted in Uncategorized
  • Comments Off on Do you use Apache Struts ? You need to upgrade.

                    With organizations moving towards higher levels of digitalization, the role of software has increased multifold. This has led to increased numbers of data breaches and the average size [1] of data breach has increased 1.8 in 2017. A breach is defined as an event in […]

  • Posted in Uncategorized
  • Comments Off on Prevent vulnerability creep in your software