When vulnerability management started out as a practice 15 years ago, the process was straightforward and simple in function. An IT admin would download non-commercial open-source tools for free, scan his environment for the few disclosed vulnerabilities, and mitigate them manually. The whole process would take months to complete, and that was still okay. Fast […]
Read More →
Organizations regularly face compliance audits that keep them up at night every quarter or year-end. To secure PII (personally identifiable information) of consumers and corporate data, various industries and governments have drawn up security benchmarks that mandate periodic risk assessment along with safe data handling and storage. Some common security benchmarks are HIPAA, ISO, NIST, […]
Read More →
Mozilla has released three security advisories to address the vulnerabilities present in Firefox, Firefox ESR, and Thunderbird. A zero-day vulnerability (CVE-2020-15999) has also been addressed in the latest version of Firefox. Firefox version 83 also introduces a new “HTTPS-only mode“, if enabled all the URL’s in the form of “http://” will be converted into respective […]
Read More →
Vulnerability management is hard to execute as a continuous process in the long run. In huge networks of organizations, the number of devices, software applications, and the vulnerabilities associated with them is multiplying rapidly. The complexity of devices and software are always growing. Organizations are put in a tough spot when conducting risk assessment and […]
Read More →
Google has released a security advisory for its Chrome users on Windows, Mac, and Linux, addressing two very critical Zero-Day exploits being exploited in the wild. These Vulnerabilities can be tracked as CVE-2020-16013 and CVE-2020-16017. Endpoints that have not been patched are advised to deploy the patches ASAP. The flaws were reported by “anonymous” sources to […]
Read More →
Microsoft has rolled out November Patch Tuesday security updates for 112 vulnerabilities in its product line including Windows operating system, Edge browser, and developer tools. Out of these one vulnerability is identified as a zero-day, 17 are classified as critical and 93 are classified as important. The vulnerabilities are in the categories of elevation of privilege, […]
Read More →
At SecPod, we always work towards delivering exceptional features to help you get the best out of our product. SanerNow 4.7.0.0 comes out with the most awaited Active directory integration along with several new enhancements and bug fixes. This release also includes enhancements on REST API. A glimpse into what’s new: To know more about […]
Read More →
Vulnerability management is a standardized process across most organizations. However, even organizations that follow periodic compliance audits and patch software vulnerabilities are hit by cyber-attacks. If attack surfaces are open despite following a documented vulnerability management process, the obvious problem to fix is the program’s effectiveness. Organizations should realize vulnerability management as more than an […]
Read More →
The scares of Halloween came very early this year in the form of COVID-19. Although organizations were eventually happy to keep their business operations running remotely, the shift was not that easy for IT teams. IT teams were tasked with the responsibilities of supporting the entire workforce with all the tools and devices they need. […]
Read More →
Oracle has addressed a critical Remote Code Execution (RCE) vulnerability in the rare out-of-band patch in numerous versions of Oracle WebLogic Server. The vulnerability is assigned CVE-2020-14750 which has a CVSS base score of 9.8 out of 10 and it is remotely exploitable without any authentication or user interaction. According to Eric Maurice, director of security […]
Read More →