DISC InfoSec blog

GitHub has analyzed over 45,000 active directories and found that open source vulnerabilities often go undetected for more than four years. Source: Open source vulnerabilities go undetected for over four years – Help Net Security The State of Open Source Security Vulnerabilities Resources for Searching and Analyzing Online Information Advanced Sciences and Technologies for Security […]

A researcher disclosed technical details of an unpatched vulnerability in Apple’s Safari web browser that can be exploited to steal files from the targeted system. Source: Expert discloses unpatched Safari flaw that allows stealing local files Download a Security Risk Assessment Steps paper! Security Risk assessment Quiz – Find Out How Your security risk assessment […]

Mozilla has expanded its bug bounty program including rewards for bypass methods for the exploit mitigations and security features in Firefox. Source: Mozilla offers rewards for Bypassing Firefox Exploit Mitigations Why Firefox is the best browser for privacy and how to configure things properly

Manufactured by Thales, the EHS8 module family has security flaws that could allow attackers to take total control over internet-connected industrial machines. Source: IBM finds vulnerability in IoT chips present in billions of devices   Download a Security Risk Assessment Steps paper! Security Risk assessment Quiz – Find Out How Your security risk assessment Stands […]

Researchers spotted a new sophisticated peer-to-peer (P2P) botnet, dubbed FritzFrog, that has been actively targeting SSH servers since January 2020. Source: FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH   Download a Security Risk Assessment Steps paper! Security Risk assessment Quiz – Find Out How Your security risk assessment Stands Up! DISC InfoSec 🔒 […]

Google Chrome will warn users when submitting insecure forms that deliver information via HTTP connections on HTTPS websites starting with version 86. Source: Google Chrome will warn users when submitting insecure forms   Download a Security Risk Assessment Steps paper! Security Risk assessment Quiz – Find Out How Your security risk assessment Stands Up! DISC InfoSec […]

Security researchers have discovered a PoC code and exploit available online that can be used to trigger unpatched security flaws in Apache Struts 2. Security researchers have discovered a PoC code and exploit available on GitHub that that can be used to trigger the security vulnerabilities in Apache Struts 2. The Proof-of-concept exploit code was released last […]

Full details of security vuln plus proof-of-concept exploits revealed This critical-severity bug – scoring 9.9 out of 10 on the CVSS v3 meter – can be exploited by a rogue authenticated user, or someone whose access has been hijacked, to inject arbitrary code into an application server. This means they can run malicious commands they […]

FYI: Someone’s scanning gateways, looking for those security holes Citrix told you not to worry too much about Hackers hit honeypots hours after CISO downplays risk, proof-of-concept exploit code emerges. Source: FYI: Someone’s scanning gateways, looking for those security holes Citrix told you not to worry too much about Explore the subject of Cyber Attack […]

Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as little false-positives as possible. Source: Google open-sources Tsunami vulnerability scanner | ZDNet The scanner has been used internally at Google and has been made available on GitHub Google Tsunami Security Scanner – Quick install an example run InfoSec Threats, Books and Training […]

Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them. Source: Good Cyber Hygiene in a Post-Pandemic World Starts with Us Cyber ‘hygiene’ could resolve 90% of cyber attacks | FT Business Notebook Download a Security Risk Assessment steps paper! Download a vCISO template Subscribe […]

Researchers discovered multiple flaws in more than 40 drivers from at least 20 different vendors that could to install a persistent backdoor on Windows PCs. Source: Flaws in device drivers from 20 vendors allow hackers to install a persistent backdoor The security flaw in more than 40 Device Drivers from 20 hardware vendors Subscribe to […]

Paperless voting devices are a gaping weakness in the patchwork U.S. election system, security experts say. But states and counties are making uneven progress in replacing them, a POLITICO survey reveals. Source: The scramble to secure America’s voting machines America’s Voting Machines Are Extremely Vulnerable to Hacking | NowThis Enter your email address: Delivered by […]

But one simple thing could help stop the vast majority of these attacks, say researchers. Source: These are the top ten security vulnerabilities most exploited by hackers | ZDNet