Mar 16 2022

CISA adds 15 new flaws to the Known Exploited Vulnerabilities Catalog

Category: Security vulnerabilitiesDISC @ 9:52 pm

The US Cybersecurity and Infrastructure Security Agency (CISA) added 15 new flaws to its Known Exploited Vulnerabilities Catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

The new vulnerabilities added to the catalog include one SonicWall SonicOS issue, tracked as CVE-2020-5135, and 14 Microsoft Windows flaws addressed between 2016 and 2019.

The CVE-2020-5135 is a stack-based buffer overflow that affects the SonicWall Network Security Appliance (NSA). The vulnerability can be exploited by an unauthenticated HTTP request involving a custom protocol handler.

The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access.

All the flaws added in this round have to be addressed by federal agencies by April 5.

The CISA Catalog has reached a total of 504 entries with the latest added issues.

Cisa Known Exploited Vulnerabilities Catalog

Hackable

Tags: CISA, Exploited Vulnerabilities Catalog, Hackable


Mar 17 2021

Hackable: How to Do Application Security Right

Category: Hacking,Information SecurityDISC @ 11:00 pm

If you don’t fix your security vulnerabilities, attackers will exploit them. It’s simply a matter of who finds them first. If you fail to prove that your software is secure, your sales are at risk too.

Whether you’re a technology executive, developer, or security professional, you are responsible for securing your application. However, you may be uncertain about what works, what doesn’t, how hackers exploit applications, or how much to spend. Or maybe you think you do know, but don’t realize what you’re doing wrong.

To defend against attackers, you must think like them. As a leader of ethical hackers, Ted Harrington helps the world’s foremost companies secure their technology. Hackable teaches you exactly how. You’ll learn how to eradicate security vulnerabilities, establish a threat model, and build security into the development process. You’ll build better, more secure products. You’ll gain a competitive edge, earn trust, and win sales.

Hackable: How to Do Application Security Right

Tags: Hackable