HackDig : Dig high-quality web security articles for hackers

Validating XML Schema of OVAL Documents with Python

OVAL is the Open Vulnerability Assessment Language, which uses XML based documents to define vulnerabilities based on characteristics of a host system. It can also be used to gather information about the host. When an OVAL file is evaluated, it generates a report file with the results of the vulnerability evaluation or a system characteristics file
Publish At:2021-01-03 10:50 | Read:258 | Comments:0 | Tags:Vulnerability Management OVAL

Continue Clean-up of Compromised SolarWinds Software

Last week, the United States Cybersecurity & Infrastructure Security Agency (CISA) advised on initial steps to take in response to the SolarWinds software that was compromised by advanced persistent threat actors. While federal agencies were under a deadline to complete certain actions, this issue will require continued clean-up and longer-term efforts t
Publish At:2020-12-21 14:44 | Read:197 | Comments:0 | Tags:Featured Articles IT Security and Data Protection configurat

4 Things a Good Vulnerability Management Policy Should Include

Organizations face an ever-evolving threat landscape. With this in mind, it is imperative that organizations keep an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities that may lead to a breach. A good vulnerability management policy should contain the following:An Overview of what the policy is intended to do
Publish At:2020-12-08 03:02 | Read:279 | Comments:0 | Tags:Vulnerability Management Policies and Procedures policy Vuln

Attackers vs. Hackers – Two *Very* Different Animals

The cybersecurity industry is more well-informed than most, but even so, misconceptions arise and spread, helped along by the fact that the rise in cybersecurity incidents has led to substantial “pop culture” intrigue with all things cybersecurity.One of the more harmful of these misconceptions is the conflation of “hacker” and “attacker,” terms which are tr
Publish At:2020-11-11 03:37 | Read:466 | Comments:0 | Tags:Vulnerability Management attacker Hacker ransomware attacks

VERT Threat Alert: November 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s November 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-915 on Wednesday, November 11th. Note: Microsoft has changed their advisory format and no longer provides basic vulnerability descriptions.In-The-Wild & Disclosed CVEsCVE-2020-17087This CVE descr
Publish At:2020-11-10 19:49 | Read:355 | Comments:0 | Tags:VERT VERT News Vulnerability Management

N-Day Vulnerabilities: How They Threaten Your ICS Systems’ Security

In the last quarter of 2019, researchers at ClearSky uncovered an attack operation that they dubbed the “Fox Kitten Campaign.” Iranian actors used this offensive to gain persistent access into the networks of dozens of companies operating in Israel and around the world across the IT, telecommunication, oil and gas, aviation, government and security sectors.
Publish At:2020-11-03 00:37 | Read:506 | Comments:0 | Tags:Featured Articles Vulnerability Management ICS Vulnerabiltie

VERT Threat Alert: October 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-909 on Wednesday, October 14th.In-The-Wild & Disclosed CVEsCVE-2020-16938This CVE describes an information disclosure in the Windows kernel that could allow a local attacker to disclose informatio
Publish At:2020-10-13 21:01 | Read:538 | Comments:0 | Tags:VERT VERT News Vulnerability Management

Cómo madurar un programa de gestión de vulnerabilidades

El panorama global de ciber-amenazas se encuentra en constante evolución lo cual resalta la necesidad emergente de que las organizaciones fortalezcan su capacidad para identificar, analizar y evaluar los riesgos tecnológicos antes de que evolucionen a incidentes de seguridad completamente. Cuando se trata de mitigar el riesgo, los términos “gestión de
Publish At:2020-09-30 12:20 | Read:359 | Comments:0 | Tags:Spanish Vulnerability Management VM whitepaper

The History of Common Vulnerabilities and Exposures (CVE)

During the late 1990s, security professionals were using information assurance tools in concert with vulnerability scanners to detect and remove vulnerabilities from the systems for which they are responsible.There’s just one problem – each security vendor has its own database with little to no crossover. Each vendor’s tool generates its own alert for detect
Publish At:2020-09-17 01:02 | Read:558 | Comments:0 | Tags:Featured Articles Vulnerability Management CVE Patch Managem

VERT Threat Alert: September 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-903 on Wednesday, September 9th.In-The-Wild & Disclosed CVEsThere were no in-the-wild or disclosed CVEs included in this month’s security guidance.CVE Breakdown by TagWhile historical Microsoft
Publish At:2020-09-08 23:35 | Read:733 | Comments:0 | Tags:Featured Articles VERT VERT News Vulnerability Management

Identifying the Most Dangerous Common Software and Hardware Weaknesses and Vulnerabilities – The CWE Top 25 (2020 Editio

So far, there has not been a perfect solution to ridding the world of software and hardware weaknesses. Keeping up-to-date with which weaknesses have are most common and impactful can be a daunting task. Thankfully, a list has been made to do just that the Common Weakness Enumeration Top 25 (CWE). The CWE Top 25 is a community-developed list of the most dang
Publish At:2020-09-08 17:36 | Read:453 | Comments:0 | Tags:Featured Articles Vulnerability Management CWE vulnerabiliti

New Ponemon Report: A Programmatic Approach to Vulnerability Management for Hybrid Multicloud

X-Force Red is unveiling a new research study, conducted by the Ponemon Institute, that highlights vulnerability management challenges for on-premises and cloud environments: in other words, hybrid multicloud. The report, “The State of Vulnerability Management in the Cloud and On-Premises,” is based on a global survey of 1,848 IT and IT security
Publish At:2020-08-17 07:03 | Read:670 | Comments:0 | Tags:Cloud Security Security Services Software & App Vulnerabilit

Shellshock In-Depth: Why This Old Vulnerability Won’t Go Away

Shellshock is a bug in the Bash command-line interface shell that has existed for 30 years and was discovered as a significant threat in 2014. Today, Shellshock still remains a threat to enterprise.   The threat is certainly less risky than in the year of discovery. However, in a year in which security priorities have recalibrated to keep up with the c
Publish At:2020-08-06 09:54 | Read:644 | Comments:0 | Tags:Software & App Vulnerabilities Patch Management Shellshock V

Effective Threat Intelligence Through Vulnerability Analysis

Vulnerabilities are weaknesses leveraged by adversaries to compromise the confidentiality, availability or integrity of a resource. The vulnerability ecosystem has matured considerably in the last few years. A significant amount of effort has been invested to capture, curate, taxonomize and communicate the vulnerabilities in terms of severity, impact and com
Publish At:2020-07-30 15:37 | Read:630 | Comments:0 | Tags:Vulnerability Management ENISA Report threat analysis vulner

What’s New in the 2020 Cost of a Data Breach Report

In a world of uncertainty and change, it’s a comfort that some things are consistent year after year. Now in its 15th year, the annual Cost of a Data Breach Report, with research by the Ponemon Institute and published by IBM Security, continues to provide a detailed view of the financial impacts security incidents can have on organizations, with histo
Publish At:2020-07-29 08:52 | Read:621 | Comments:0 | Tags:Data Protection Threat Intelligence Threat Research Cost of

Tools

Tag Cloud