Vulnerability Management: Navigating the Deep Dark Pit of Version Numbers

One of the first things any security practitioner will tell you to do is keep your software up to date. It’s the number one way to protect against exploits targeting known vulnerabilities. In fact, most attacks these days don’t use new or novel attack methods, or even recently discovered vulnerabilities to succeed. They often use vulnerabilities that are years old!

Now while it’s simple to say that everyone should just run the most recent versions of operating systems and packages, actually implementing this quickly becomes painful for a number of reasons.

What’s on the Box!? An In-depth Look At OS Package Management

Recently, I had the opportunity to help build out our vulnerability detection feature here at Threat Stack. I stepped into this project as I had many others: trying to understand the problem, thinking about the scale, how to break up the problem, etc. This problem is something developers rarely think about: the operating system. Sure, we have all done our fair share of apt and yum, but have you ever really taken a look into what gets installed on your computer? Have you ever noticed that when you do a dpkg -l, what you see is actually some strange take on semantic versioning that doesn’t seem to line up with what you see when you look at the version of that program using its version command? Me neither, and let me tell you, it was not what I was expecting.

Introducing Vulnerability Management at the Workload Layer

You know that feeling you sometimes get after you’ve left the house for the day and suddenly fear you didn’t lock the door? You have two options: Turn back around to check, ensuring your home will be safe and secure while you’re gone, or leave it to chance, hoping you locked the door, but worrying all day that you didn’t…

The same situation presents itself when it comes to vulnerabilities within software-defined environments. The options? Embrace a “trust but verify” mindset by proactively monitoring for vulnerabilities, or do nothing, leaving to chance the security of company data, customer data and, as a result, the very existence of your business.

“The Call is Coming from Inside the House” Insider Threats Pose Major Security Concerns for Enterprise

Security is a major concern and potential roadblock for companies starting up in the cloud or considering a move into the cloud. Incidents such as the most recent high-profile attack on “online cheating site” Ashley Madison do little to assuage those fears, as companies must consider how best to protect themselves from external and insider threats.

Snorby Cloud Intel Update – Rails Vulnerability Detection

These last few weeks have been rough on Rails developers. During that time there have been several vulnerabilities involving the parsing of Rails parameters, with one leading to arbitrary code execution (CVE-2013-0155 and CVE-2013-0156). Our friend Postmodern, the creator of Ronin (an excellent Ruby platform for vulnerability and exploit development), wrote a great blog post explaining the vulnerabilities with working PoC code.
