Two zero-day vulnerabilities found in the Lexmark Markvision Enterprise application that our Vulnerability Research Team discovered and brought to the attention of Lexmark. Lexmark has worked diligently with Fortra to understand, resolve and verify the fixes for these security issues. Lexmark has released fixes. To obtain Markvision Enterprise v2.4.1 visit: https://www.lexmark.com/markvision...

Vendor: DellProduct: SonicWALL Email Security (virtual appliance)Version: 8.3.0.6149 Summary Information:SonicWALL Email Security can be configured as a Mail Transfer Agent (MTA) or SMTP proxy and has spam protection, compliance scanning, anti-malware and anti-virus capabilities. The affected web interfaces for these vulnerabilities are frequently available on externally accessible perimeter...

The Digital Defense, Inc. Vulnerability Research Team (VRT) has identified six previously undisclosed security vulnerabilities found in the Dell EMC VMAX Management Product family. Summary information for these flaws can be found below.Checks for the identified vulnerabilities are available now in Frontline™ Vulnerability Manager. Clients are encouraged to run a full vulnerability assessment which...

Today Digital Defense is publishing six zero-day vulnerabilities found in the Dell EMC VMAX Management Product family that our vulnerability research team discovered and brought to the attention of Dell EMC. Dell EMC has been extremely professional and worked diligently with Digital Defense engineering staff to understand, resolve and verify the fixes for these security issues.Dell EMC has...

Is your organization capable of defending against today’s phishing attacks? Social Engineering requires very little to no knowledge of information technology or cutting-edge applications. All an attacker needs is a target and a crafty email to prey on weaknesses in human behavior.Don’t Take the Bait! Tips to Help Defend Against a Phishing AttackBe suspicious of emails asking you to “verify” your...

Today, Fortra is publishing two zero-day vulnerabilities found in the Veritas InfoScale Operations Manager that our vulnerability research team discovered and brought to the attention of Veritas. Veritas has been extremely professional and worked diligently with Digital Defense engineering staff to understand, resolve and verify the fixes for these security issues.Veritas has released fixes for...

I grew up in an environment filled with fun and engaging games. My parents, who were Grand Life Masters in the game of Bridge, believed their children could “learn to think” by playing and facing challenges presented by different strategy games. Growing up my family played many hours of strategy games such as Chess, Risk, Bridge, and many others. One of my favorite games was Stratego. As CTO of an...

Today Fortra is publishing several high-impact vulnerabilities on the Dell SonicWall GMS platform that our vulnerability research team discovered and brought to the attention of Dell. Dell has been extremely professional and worked diligently with Fortra engineering staff to understand, resolve and verify the fixes for these security issues. Dell has released fixes and customer advisories for...

Several months back I was updating our vulnerability scanner checks for various Solarwinds products. As I added a detection script for a product called Log and Event Manager (LEM), I realized that there were really no significant publicly disclosed vulnerabilities for it. This spurred me to download their trial, which comes as a virtual appliance, and look for some flaws. After initially setting...

Title: DDIVRT-2015-55 SolarWinds Log and Event Manager Remote Command ExecutionSeverity: HighDate Discovered: August 15, 2015Discovered By: Chris Graham @cgrahamsevenVulnerability Description:SolarWinds Log and Event Manager (LEM) is vulnerable to an Extensible Markup Language (XML) external entity injection through the agent message processing service. This service listens on TCP port 37891....

If your organization is required to comply with the Payment Card Industry-Data Security Standard (PCI-DSS), particularly Requirement 11, then you are likely familiar with the problems plaguing SSL, early TLS (i.e. TLSv1.0) and their supported ciphers over the past several months. High profile vulnerabilities such as HeartBleed, POODLE, FREAK and LogJam have sent merchants scrambling to patch...