Discovering your open source dependencies using twigs

Twigs is an essential tool for DevOps security to ensure that your open source dependencies are evaluated and tracked for vulnerabilities. As described in the earlier blog article – Getting started with twigs, one of the discovery modes supported by twigs is the discovery of open source dependencies as assets using the ‘repo’ mode. In this […]

Learning From History – The Conficker Outbreak

History is a great teacher and provides us with a wealth of learning. The learning from the past is relevant not merely for anecdotal reasons but also for the wisdom that we can gain from it. Dipping into this pool of history can help to comprehend the present, improve our response and avoid mistakes that […]

Getting started with ‘twigs’

Introduction: The bedrock of asset discovery in ThreatWatch is ‘twigs’ (short for ThreatWatch Inventory Gathering Script). twigs is a Python-based open source utility script maintained by ThreatWatch. twigs aims to provide a simple extensible interface to all types of assets and asset management systems in order to discover the metadata required by ThreatWatch to […]

CI/CD – vulnerability detection and integration. Are you overlooking the risks?

Recently, the industry has seen a trend where organizations are moving rapidly to integrate vulnerability detection tools into their CI/CD environments. That’s a step in the right direction only if the risks that arise from those integrations are carefully considered and mitigated. Unfortunately, we don’t see much evidence of due […]

No Scan Chrome Zero Day Detection

Late last week, all of us were made aware of the Chrome zero day (CVE-2019-5786), “use after free in FileReader resulting in remote code execution”. This had a published exploit in the wild, making it absolutely critical to patch without any delay. Users of ThreatWatch were not only notified of this intelligence but also […]

“runc” with ThreatWatch

Early last week, all of us were alerted by reports of a major vulnerability in the “runc” binary. The vulnerability was due to the way the runc binary handled system file descriptors when running containers, which could allow malicious containers to overwrite contents of the binary and ultimately cause remote code execution. Not many […]

The Java paywall is here

Starting this month, Java 8 users will have to make a choice: pay a minimum of $40 for support and security updates, or continue to use Java 8 with no security updates or fixes. Users will also not have access to a number of APIs like Java Web Start and Java Applets which will be […]

The myth of perimeter security

The rationale behind network firewalls was simple: build a moat around the castle to keep out the bad guys and allow only the people you trust in over the moat. Essentially, protect your internal network from the big bad internet by selectively allowing or disallowing traffic between the two. Perimeter security relies on a set […]

ServiceNow comes to ThreatWatch

Overview: A recent study reported that it took organizations an average of 197 days to spot a breach and 69 days to remediate it [1]. That is a mind-boggling 6 months to detect a potentially disastrous event that could have grave consequences for the future of the organization. Manual steps to track vulnerabilities added 12 […]

Bring CI (Continuous Integration) to Vulnerability Management

Enough time has passed and far too many data breaches have been uncovered to warrant a fresh look at how organizations approach proactive security efforts. Account and access management has evolved and organizations are much more vigilant to ensure multi-factor authentication is set up for customer and employee access to services and data. Data suggests […]