It is a common refrain in security circles that “nobody loves their vulnerability management tool.” CrowdStrike may have just proved to be the exception. We are proud to announce that CrowdStrike is the only vendor named a Customers’ Choice in the 2024 Gartner “Voice of the Customer” Report for Vulnerability Assessment. In this report, CrowdStrike is the only vendor placed in … [Read more...] about CrowdStrike Named Customer’s Choice for Vulnerability Assessment in 2024
vulnerability
Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros
Feb 07, 2024NewsroomDevice Security / Vulnerability The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the … [Read more...] about Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros
Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account
Feb 03, 2024NewsroomVulnerability / Social Media The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory. The … [Read more...] about Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account
Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords
Jan 29, 2024NewsroomVulnerability / NTML Security A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file. The issue, tracked as CVE-2023-35636 (CVSS score: 6.5), was addressed by the tech giant as part of its Patch Tuesday updates for December 2023. "In an … [Read more...] about Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords
Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
Jan 13, 2024NewsroomVulnerability / Network Security Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. "An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX … [Read more...] about Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
Jan 11, 2024NewsroomVulnerability / Cyber Attack Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe … [Read more...] about New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
How to hack Android, macOS, iOS, and Linux through a Bluetooth vulnerability
A severe vulnerability has been found in the implementations of the Bluetooth protocol across several popular operating systems: Android, macOS, iOS, iPadOS, and Linux. This bug potentially allows remote hacking of vulnerable devices without any particular actions required on the part the user. Let’s dive into the details. The Bluetooth vulnerability allows you to connect a … [Read more...] about How to hack Android, macOS, iOS, and Linux through a Bluetooth vulnerability
New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs
Dec 09, 2023NewsroomCyber Threat / Hardware Security Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new feature in Intel CPUs called … [Read more...] about New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs
Vulnerability in crypto wallets created online in the early 2010s
Researchers have discovered several vulnerabilities in the BitcoinJS library that could leave Bitcoin wallets created online a decade ago prone to hacking. The basic issue is that the private keys for these crypto wallets were generated with far greater predictability than the library developers expected. Randstorm vulnerabilities and consequences Let’s start at the beginning. … [Read more...] about Vulnerability in crypto wallets created online in the early 2010s
The Impact of Microsoft’s Vulnerability Problem
Twenty years ago, Microsoft introduced the concept of Patch Tuesday to “reduce the burden on IT administrators by adding a level of increased predictability and manageability.” The goal of Patch Tuesday was to provide needed structure around what was largely an ad hoc process. By consolidating the majority of security updates and required patches into a planned release cycle, … [Read more...] about The Impact of Microsoft’s Vulnerability Problem