Enterprise Vulnerabilities From DHS/US-CERT’s National Vulnerability Database
CVE-2019-19318 PUBLISHED: 2019-11-28 In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
CVE-2019-19319 PUBLISHED: 2019-11-27 In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can
Cybersecurity relies on specialists of every kind – CISOs, network systems administrators, cloud experts, human resources and more – to achieve success. It takes a true team in order to avoid the pitfalls of failing controls and successful attacks. And just like team sports, cybersecurity has rules and playbooks that help everyone stay safe and
Of particular interest for cybercriminals is the Domain Name System, which plays a central role in orchestrating all Internet and application traffic. Security teams are laser-focused on protecting the crown jewels. And while they are pretty good at evaluating the security within their own environments, the outside world can be tougher, with new and emerging
Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here’s why. As executive director of SAFECode, the Software Assurance Forum for Excellence in Code, I get to talk with a lot of companies — both SAFECode members and not — about their software security programs. These
Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules. It’s an expansive cyber espionage operation that canvasses a victim’s network with backdoors, loaders, keyloggers, audio recorders, screen- and webcam grabbers, and even siphons data from printer-queues, burned CDs, and Apple iOS smartphone backups.
When each member of your security team is focused on one narrow slice of the pie, it’s easy for adversaries to enter through the cracks. Here are five ways to stop them. Today, enterprises consist of complex interconnected environments made up of infrastructure devices, servers, fixed and mobile end-user devices and a variety of applications