A vulnerability has been identified in SoftNAS Cloud(R) data storage platform discovered by our Vulnerability Research Team (VRT). The engineers at SoftNAS are to be commended for their prompt response to the identified flaw and their team’s work with VRT to provide prompt fixes for this cyber security issue.SoftNAS has provided a patch for the vulnerability identified on the application. The...

Learn about a recent example of the damage insider attacks can cause, and how your organization can prevent them.

Find out the type of cyber threats that endanger organizations (and their ratings), and how they can protect themselves.

Exploiting CVE-2018-19864- Samuel S., Senior Vulnerability ResearcherDuring an audit of NUUO’s NVRmini2, a stack overflow vulnerability was discovered in a request handling function in the ‘lite_mv’ custom SIP service binary. The NUUO NVRmini2 runs a custom SIP service on TCP ports 5160 and 5150 via a binary at /NUUO/bin/lite_mv. In order to examine this bug more closely, we analyze the function...

NUUO Zero-Day BlogA vulnerability identified in NUUO NVRmini2 Network Video Recorder devices discovered by our Vulnerability Research Team (VRT). We commend NUUO for their prompt response to the identified flaws and their engineering team’s work with VRT to provide fixes for these cyber security issues.NUUO has provided a patch for the vulnerability identified on the application. The patched...

We are disclosing four previously undisclosed vulnerabilities within the Arcserve Unified Data Protection platform. The vulnerabilities can open the door for potential compromise of sensitive data through access to credentials, phishing attacks and the ability for a hacker to read files without authentication from the hosting system.________________________________________TitleDDI-VRT-2018-18 -...

Upgrade Your Network ScannerFree scanners are great – up to a point. That point is when your network reaches a critical size, your assets have acquired a critical value or your company, industry (or Uncle Sam) has set new compliance requirements that those freebee tools just can’t handle.Running multiple network scanning tools is a painEveryone has a half dozen network scanners sitting around and...

Port scanning tools – just the first step to network securityYour port scanning tools are nice, but...When your network reaches a critical size, your assets have acquired a critical value or when new compliance standards hit, your port scanning tools may have reached their limit. It’s the job of vulnerability assessment and management tools to combine port scanning with the investigation of...

IP scanning for growing or distributed networksYour IP Scanner more problem than help?When your network reaches a critical size, your assets have acquired a critical value or you have new compliance requirements - your freebee IP scanner just can't handle it. beSECURE (now part of Fortra Vulnerability Management) can. It your best step up into the corporate vulnerability assessment and management...

The three crumbling pillars of network securityWhy is network security getting harder?Access control, firewall and Intrusion Prevention Systems are failing to keep attackers from reaching vulnerable systems and network administrators have added as many layers beyond those as possible to no avail. This is a problem because successful attacks are often done with these solutions in place and being...

Our definition of penetration testingPen testing (penetration testing) is the discovery of vulnerable network equipment or applications by evaluating their response (behavior) to specially designed requests. In some cases a payload (message, marker or flag) is delivered to prove beyond a doubt that the vulnerability can be exploited. Pen testing is usually a manual and expensive undertaking that...

Keeping up with new vulnerability discoveriesWith hundreds of new vulnerabilities announced each month, active network scanning is essential. An automated, frequently used vulnerability assessment and management solution is your best option for the elimination of corporate network vulnerabilities.Enterprise now needs proactive, routine network scanning to keep up with internal changes and external...

Calculating the cost of GDPR complianceThe EU General Data Protection Regulation (GDPR) is unique in the field of compliance standards for its establishment of financial penalties for the loss or mismanagement of personal data of EU citizens. And those fines are higher and more likely to be assessed than any existing standard. Any company that does business with EU citizens (or controls or...

Pen testing always includes a vulnerability assessmentPenetration testing is all about identifying network security weaknesses before they are exploited internally or externally. The best pen testers bring a range of tools and experience to each gig and a key tool they will use is vulnerability assessment.The experience level, tools used, findings and the report you get from each penetration test...

Our research team is disclosing vulnerabilities identified in ManageEngine’s ADSelfService Plus application. ManageEngine was prompt in responding to the identified flaws and providing fixes for these security issues.A patched version of ADSelfService Plus can be downloaded from the ManageEngine site at: https://www.manageengine.com/products/self-service-password/download.htmlClients who currently...

There is a new term IBM and other industry experts have begun to use: the inadvertent employee. These are the well-meaning IT professionals who are often at fault when it comes to misconfigured servers, networks, and databases.

We disclosed multiple additional vulnerabilities identified on various ManageEngine applications. We commend ManageEngine for their prompt response to the identified flaws and their engineering team’s work with VRT to provide fixes for these cyber security issues.ManageEngine has provided patches for each of the vulnerabilities identified on the applications. The patched applications can be...

Update March 21, 2018: Added additional vulnerabilities disclosed to ManageEngine that were excluded from the original blog post affecting several additional ManageEngine applications.Multiple vulnerabilities have been identified on various ManageEngine applications discovered by our Vulnerability Research Team (VRT). We commend ManageEngine for their prompt response to the identified flaws and...

Today Digital Defense is disclosing three vulnerabilities identified on Dell EMC Data Protection Suite Family products discovered by the Digital Defense Vulnerability Research Team (VRT). VRT would like to commend Dell EMC for their prompt handling and diligent attention to the issues and their work with Digital Defense engineering staff to understand, resolve and verify the fixes for these...

Recently, the cause of Equifax’s catastrophic cyber attack was revealed as a hack that exploited a known bug in in Equifax’s web application software, Apache Struts.Since then, the discourse surrounding the event has shifted to two main subjects:The blame game: people want to hold someone responsible. The fallout has claimed the jobs of Equifax’s CSO, CIO, and now, CEO.The preventability of the...