RSS Security

πŸ”’
❌ About FreshRSS
There are new articles available, click to refresh the page.
Before yesterdayVerSprite

Opto 22 PAC Control Basic

23 April 2021 at 14:23

VerSprite's Vs-Labs uncovered an unpatched zero-day in the Opto 22 PAC Control Basic software. This advisory is for CVE-2021-30495 affects version R10.3003.

The post Opto 22 PAC Control Basic appeared first on VerSprite.

Unpatched Security Vulnerability in OPTO 22 PAC Basic Software

23 April 2021 at 14:07

This ungated Vulnerability Analysis Report outlines the vulnerabilities found by VerSprite's security research team within Razer's Synapse 3 software suite, including risk level, disclosure timeline, and remediation information. The vulnerabilities covered are CVE-2021-30493 and CVE-2021-30494.

The post Unpatched Security Vulnerability in OPTO 22 PAC Basic Software appeared first on VerSprite.

Razer Synapse 3 Permissions Vulnerability

13 April 2021 at 17:58

Razer Synapse 3's permissions assignment bug is allows for Denial of Service (DoS) attacks. This CVE-2021-30493 affects version 3.5.1030.101917.

The post Razer Synapse 3 Permissions Vulnerability appeared first on VerSprite.

Razer Synapse 3

13 April 2021 at 17:51

Razer Synapse 3's incorrect permissions assignment vulnerability is allows for Denial of Service (DoS) attacks. This CVE-2021-30494 affects version 3.5.1030.101917.

The post Razer Synapse 3 appeared first on VerSprite.

Razer Synapse 3 Security Vulnerability Analysis Report

13 April 2021 at 14:04

This ungated Vulnerability Analysis Report outlines the vulnerabilities found by VerSprite's security research team within Razer's Synapse 3 software suite, including risk level, disclosure timeline, and remediation information. The vulnerabilities covered are CVE-2021-30493 and CVE-2021-30494.

The post Razer Synapse 3 Security Vulnerability Analysis Report appeared first on VerSprite.

DevSecOps: Automating Security Testing in a CI/CD Pipeline

8 April 2021 at 17:59

In this tutorial, VerSprite's DevOps team walks you through how to automate SAST into your CI/CD pipeline

The post DevSecOps: Automating Security Testing in a CI/CD Pipeline appeared first on VerSprite.

Red Hat Linux iSCSI Subsystem Vulnerability Report

12 March 2021 at 13:12

In this Zero Day Report, VerSprite was asked to provide proof of concept for a Red Hat Enterprise Linux zero day found by GRIMM. Get the full PoC, CVEs, remediation, and business impact report.

The post Red Hat Linux iSCSI Subsystem Vulnerability Report appeared first on VerSprite.

Blind Spots in Security Awareness Training Programs

4 March 2021 at 11:39

In this article, VerSprite's Offensive Security team highlight the blindspots standard security training create that allows social engineering attacks to be successful at all levels in an organization.

The post Blind Spots in Security Awareness Training Programs appeared first on VerSprite.

Companies Using VMware ESXi Are Being Targeted by Ransomware

19 February 2021 at 12:00

Companies using VMware ESXi are being targeted by ransomware-as-a-service, resulting in encrypted virtual hard drives. Learn the business impact of this attack and get mitigation recommendations from VerSprite's Threat Intelligence Group.

The post Companies Using VMware ESXi Are Being Targeted by Ransomware appeared first on VerSprite.

Windows Named Pipes Part 4: Taking a Trip Down Static Analysis Lane

11 February 2021 at 17:51

In the last iteration of our four-part series, VerSprite's security researchers examine real-world examples of reversing and exploiting Windows named pipe servers within applications using a custom vulnerable application. The methods covered to achieve this goal is through static analysis.

The post Windows Named Pipes Part 4: Taking a Trip Down Static Analysis Lane appeared first on VerSprite.

Vendor Risk Assessment Services vs. Third-Party Risk Management Software (VRA vs. TPRM)

8 February 2021 at 12:31

What's the best practice to manage third-party vendor risks? In this eBook, VerSprite's GRC team compare 7 factors to help you determine if Third-Party Risk Management software (TPRM) or Vendor Risk Assessment services (VRA) is right for you. Included: VRM Checklist

The post Vendor Risk Assessment Services vs. Third-Party Risk Management Software (VRA vs. TPRM) appeared first on VerSprite.

Fintech Cybersecurity Case Study CreditShop

26 January 2021 at 01:40

In this case study, CreditShop's CISO gives an inside look at how he uses red teaming exercises to shape their security roadmap and why it's critical for financial organizations to go beyond security compliance.

The post Fintech Cybersecurity Case Study CreditShop appeared first on VerSprite.

Informe sobre amenazas a la seguridad empresarial 2021

21 January 2021 at 19:08

En este video, el autor de Envisions, Balam Mendoza, y el CEO de VerSprite, Tony UcedaVΓ©lez, discuten los principales temas de nuestro Informe de amenazas 2021 y cΓ³mo los equipos de seguridad pueden usar los informes de amenazas al planificar sus protocolos de seguridad para el aΓ±o.

The post Informe sobre amenazas a la seguridad empresarial 2021 appeared first on VerSprite.

2021 Business Security Threats Briefing

20 January 2021 at 15:28

In this video, Envisions author, Balam Mendoza, and VerSprite CEO, Tony UcedaVΓ©lez, discuss the major topics within our 2021 Threat Report and how security teams can use threat reports when planning their security protocols for the year.

The post 2021 Business Security Threats Briefing appeared first on VerSprite.

Top 6 Cybersecurity Threats in 2021

14 January 2021 at 19:33

Envisions Critical Threat Report 2021 identifies the top 6 global cybersecurity threats, challenges, and opportunities businesses will face. This report can be used as a powerful resource for organizations looking to evolve and refine their geo-cyber strategy.

The post Top 6 Cybersecurity Threats in 2021 appeared first on VerSprite.

Operation SignSight: Software Supply Chain Attack Hits Vietnamese Government

29 December 2020 at 12:01

Vietnam's government is the latest victim in a string of complex supply chain attacks. This attack targeted the VGCA using a backdoor trojan called PhantomNet. VerSprite's Threat Intelligence team give a brief overview of the important details you need to know.

The post Operation SignSight: Software Supply Chain Attack Hits Vietnamese Government appeared first on VerSprite.

VerSprite Cybersecurity Discusses Sunburst and Vendor Supply Chain Attacks

28 December 2020 at 16:24

Sit back and listen to part 2 of our discussion on FireEye's breach, SolarWinds Sunburst supply chain attack. We'll cover updates, how to protect against supply chain attacks with organizational threat models, and debate on the risks and benefits of an open disclosure community.

The post VerSprite Cybersecurity Discusses Sunburst and Vendor Supply Chain Attacks appeared first on VerSprite.

How VerSprite’s Risk-Based Security Assessments Exposed Vulnerabilities Companies Never Imagined

22 December 2020 at 14:05

In this article, VerSprite's Offensive Security team explore the difference between common security risk assessments (vulnerability assessment, penetration testing, and red teaming) as we walk you through real exploits we have used to test organizations' security protocols.

The post How VerSprite’s Risk-Based Security Assessments Exposed Vulnerabilities Companies Never Imagined appeared first on VerSprite.

❌