software-vulnerabilities
How to Streamline the Vulnerability Management Life Cycle
Alex Vakulov | Information Security, software-vulnerabilities, System Vulnerabilities, vulnerability, Vulnerability Management
Establishing a vulnerability management process is a crucial part of an organization's cybersecurity strategy and demands thoughtful planning ...
Security Boulevard
Rezilion Releases New Smart Fix Capability, Delivering Intelligent Guidance for Patching
rezilion | patch management, smart fix, software-vulnerabilities, Uncategorized, Vulnerability Management
NEW YORK, May 31, 2023 – Rezilion, an automated software supply chain security platform, today announced the release of its new Smart Fix feature in the Rezilion platform, which offers critical guidance ...
ProxyShell or ProxyNotShell? Let’s Set The Record Straight
Ofri Ouzan | Application Security, patch management, ProxyNotShell, ProxyShell, Rezilion research, Software Attack Surface Management, software-vulnerabilities, Uncategorized, Vulnerability Management
Before diving into ProxyNotShell, we will start by giving some context regarding the original ProxyShell vulnerabilities. At BlackHat USA 2021, Orange Tsai (a 0-day researcher focusing on web/application security) revealed the three ...
White House Releases Software Supply Chain Security Guidance
Nathan Eddy | executive order cybersecurity, software supply chain, software-vulnerabilities, White House
The White House published a memo requiring agencies to comply with guidance from the Office of Management and Budget (OMB), which aims to improve software supply chain integrity and security. Signed by OMB Director ...
What government agencies need to know about CISA’s new Binding Operational Directive
Lindsey Stalnaker | binding operational directive, CVE, Cybersecurity, federal agencies, government compliance, Government security, software-vulnerabilities, Web Security Zone
The Cybersecurity and Infrastructure Security Agency (CISA) is reinforcing the nation’s cybersecurity efforts by announcing a new Binding Operational Directive (BOD) related to common vulnerabilities and exposures. Also referred to as CVEs, ...
DEF CON 29 Aerospace Village – Brandon Bailey’s ‘Unboxing The Spacecraft Software BlackBox – Hunting For Vulnerabilities’
Marc Handelman | Aerospace Conferences, Aerospace Security, Aerospace Village, Application Security, cybersecurity education, DEF CON, DEF CON 29, education, Industrial Security, Information Security, Infosec Education, security, Security Education, software-vulnerabilities
Our thanks to DEFCON for publishing their outstanding DEFCON 29 Aerospace Village videos on the organization’s YouTube channel. Permalink ...
CWE-77
Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
CWE-77 refers to command injection, a vulnerability that allows malicious parties to control parts of the application by providing input that influences ...