Published on June 29th, 2020Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint.Vulnerable Systems: Ping Identity PingID SSH before 4.0.14CVE Information: CVE-2020-10654Disclosure Timeline: Published Date:5/13/2020...

Published on June 29th, 2020A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled.Credit: The information has been provided by Stefan Schimanski. The original article can be found at:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10706Details: This flaw allows an attacker with access to a backup to obtain OAuth...

Corporate and personal decisions are an important part of our daily life; many times they are made from our previous knowledge and lessons learned from similar events. To make a truly educated decision, the most complete information available is needed to quantify risks and estimate the potential returns of our actions.Unfortunately we don’t always have the answers to life’s unexpected challenges,...

Learn about cyber security, why it's important, and how to get started building a cyber security program in this installment of our Data Protection 101 series.

Coronavirus (COVID-19) has brought about unprecedented times. Let us help you maintain business as (sort of) usual.

Saltstack Remote Code Execution (RCE) Vulnerability For those that have implemented SaltStack in your cloud environment, please be aware of several vulnerabilities (CVE-2020-11651/CVE-2020-11652) that together allow a RCE condition, which could allow an attacker to take over your Master Salt server and then laterally move to your Salt minions. Please consider patching with release 3000.2 or...

As part of your defense against an external cyberattack, you’re ready to tackle the enormous task of securing all the data sitting on your servers, desktops and external drives.If you’re like most organizations, you’ve got tons of it because no one throws anything away these days. And if you’re working at an enterprise, it’s an exponentially larger...

In a recent cyber-attack, a metallurgy company became infected with ransomware. The firm shut down for a week to deal with the infection; the final costs for the system backup and production downtime came to over 50 million euros ($54 million). This follows a Kaspersky report, “The State of Industrial Cybersecurity” that shows 70% of companies expect an attack on their Operational Technology/...

Intelligence-Driven Vulnerability ManagementResource-strapped IT departments need to prioritize vulnerabilities and threats that will have the most impact within their organization's environment. Many businesses rely on common vulnerability and severity metrics (CVE, CVSS, CWE, etc.) to prioritize vulnerabilities that need attention. Attackers, on the other hand, don't necessarily prioritize their...

This article was originally published on TechAeris on May 08, 2020.What do you do if a small infected minority is threatening to infect the rest? By now, there probably isn’t a human being on the planet that doesn’t know the answer to this question: you place the infected in quarantine, separating them from the healthy. Collectively, throughout the world, we are distancing ourselves from the...

It’s easy to forget how dramatically the delivery of tech tools has changed over the decades. These days, few of us depend on a long list of desktop apps to do our work. Instead, we spend our working day logged into several web apps - simultaneously.Likewise, we can miss just how complex and interconnected the web app ecosystem is. Think you’re just using a single web app provided by a single...

Security GPA is one the most-used, and most-loved features in Fortra Vulnerability Management platform. Designed for risk prioritization, Security GPA is predicated upon a simple metric that resonates across all levels of an organization. Based on the academic grading system that uses both a four-point numerical scale in tandem with the letter grades A-F, Security GPA has grown into a powerful and...

Cybersecurity is now a business requirement for most organizations. However, it’s often difficult to report on your security team’s performance to non-technical stakeholders and leadership. Senior leaders deal with conflicting priorities across the entire business. Therefore, it’s crucial to communicate the risks to your organization in a way that resonates.Vulnerability management is one of the...