Category Archives: Software

How to diminish the great threat of legacy apps

The Equifax breach underscored the risk posed by unpatched software applications. As a refresher, 146 million customer records were exposed after a known vulnerability in Apache Struts was exploited. The reality is enterprises are supporting an ever-growing number of applications, both commercial and homegrown which has created many challenges in maintaining proper security patches for even the most critical applications. That same challenge becomes even more difficult when you consider legacy enterprise applications that are … More

The post How to diminish the great threat of legacy apps appeared first on Help Net Security.

Over half of all reported vulnerabilities in Q1 2019 have a remote attack vector

There were 5,501 vulnerabilities aggregated by Risk Based Security’s VulnDB that were disclosed during the first three months of 2019. This represents a 1% increase over the same period in 2018, making this Q1 an all-time high. The results were released in the Q1 2019 Vulnerability QuickView Report. CVSSv2 scores of 9.0+, deemed critical issues, accounted for 14.0% of all published Q1 2019 vulnerabilities. Risk Based Security’s VulnDB published 2,539 (85%) more vulnerabilities than CVE/NVD … More

The post Over half of all reported vulnerabilities in Q1 2019 have a remote attack vector appeared first on Help Net Security.

Memory analysis is the ground truth

In recent years, enterprises have adopted next-gen endpoint protection products that are doing an admirable job detecting anomalies. For example, searching for patterns such as remote access to memory, modification of specific registry keys and alerting on other suspicious activities. However, typically anomalies only provide us with an indication that something is wrong. In order to understand the root problem, respond and ensure that a machine is entirely clean, we must search for the malicious … More

The post Memory analysis is the ground truth appeared first on Help Net Security.

Request for Comments: PCI SPoC MSR Annex

 

From 26 Feb to 26 March, PCI SSC stakeholders can participate in a Request for Comments (RFC) on the draft PCI SPoC Magnetic Stripe Reader (MSR) Annex. RFC periods are avenues for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards. This feedback plays a critical role in the ongoing maintenance and development of these resources for the payment card industry.