Articles about cve

GHOST vulnerability

Open-source software supply chain vulns have doubled in 12 months

Use of vulnerable open source components has doubled over the last year despite their role in the high-profile Equifax mega-breach. Sonatype's fourth annual Software Supply Chain Report, published on Tuesday (available here, registration required), revealed a 120 per cent rise in the use of vulnerable open source components …
John Leyden, 25 Sep 2018

Juniper scores dubious honour of owning CVE-2018-0001

Juniper Networks, come on down: you have won the dubious honour of being responsible for CVE-2018-0001. Apparently Juniper infosec bods didn't take much time off over the Christmas-New Year period, instead running up fixes for ten 2018-dated CVE (Common Vulnerabilities and Exposures) notices. CVE-2018-0001 is a bug affecting …

Gotta have standards? Security boffins not API about bloated browsers

+Comment The W3C introduces API standards that end up mostly unused, doing nothing more than loading up the code base with vulnerabilities. That's the conclusion of a paper by University of Illinois, Chicago researchers to be presented next week at the ACM's Conference on Computer and Communications Security in Dallas. Chrome 56 …

Make America late again: US 'lags' China in IT security bug reporting

The US is starting to fall well behind China in terms of the speed at which organizations are alerted to reported security vulnerabilities, according to a study out this week by threat intel biz Recorded Future. The US government's National Vulnerability Database (NVD) lags China’s National Vulnerability Database (CNNVD) in …
John Leyden, 20 Oct 2017

Most vulnerabilities first blabbed about online or on the dark web

More than three-quarters of vulnerabilities are publicly reported online before National Vulnerability Database publication. News sites, blogs and social media pages, as well as more remote areas of the web including the dark web, paste sites and criminal forums, first published bugs more often than NIST's centralised National …
John Leyden, 8 Jun 2017

CompSci boffins offer new bug-rating system to get you home on time

If you're in charge of a couple of thousand boxen, you can't patch every vulnerability report at once, so sysadmins will welcome help sorting out their priorities. That's what a couple of researchers hope to offer in what they call NCVS, the Non-Intrusive and Context-Based Vulnerability Scoring framework: making sense of the …

If you can chdir you can hack CA's Unified Infrastructure Manager

IT shops running CA Technologies' Unified Infrastructure Management (UIM) – formerly CA Nimsoft – need to apply patches for three vulnerabilities, one of them remotely exploitable. CA bought Nimsoft in 2010 to get its hands on the "single pane of glass" monitoring system, covering servers, networks, storage and databases. The most …

Docker lets security bug sniffer dogs off the leash at container images

Docker has hit upon an idea that perhaps other platforms could potentially incorporate: scanning software components for publicly known vulnerabilities prior to deployment. Today, the software container biz will announce Docker Security Scanning, which scours private repositories in the Docker Cloud for recognized security …
Chris Williams, 10 May 2016

PNG pongs: critical bug patched in ubiquitous libpng

This will not be fun: the graphics processing library libpng has a vulnerability and needs to be patched. The problem is that libpng is everywhere – in browsers, in anything that processes photos to produce thumbnails, in file browsers, music players, and in applications on every operating system. The bug is a simple denial-of …

Row rumbles on over figures in Oracle CSO’s anti-security rant

Security researchers picking through the entrails of a withdrawn blogpost by Oracle CSO Mary Ann Davidson reckon not even her figures add up. Oracle countered that only it had access to the raw figures, so there. Davidson's 3,000+ word diatribe against bug bounties, security researchers or customers hunting vulnerabilities in …
John Leyden, 18 Aug 2015

Bug-hunters: They're coming outta the goddamn walls, aargh!

The organisation that administers the industry standard for classifying computer system security vulnerabilities wants to prepare its classification system for a world with an even greater number of bugs. Mitre Corp is considering adding 100 times more CVE (Common Vulnerabilities and Exposures) slots each year to accommodate …
John Leyden, 5 Feb 2013

Logicalis thinks CVN architecture is restrictive

Logicalis' new cloud service does not appear to support the secure, multi-tenancy architecture announced with great fanfare by Cisco, NetApp and VMware (CVN) yesterday. It sounds like it should, as Logicalis describes its Cooperative Enterprise Cloud Service as being built on Cisco's Unified Computing System (UCS) and NetApp …
Chris Mellor, 28 Jan 2010

Remember CVE? Say hello to CVN

Move over EMC: NetApp is also partnering with Cisco and VMware. In an imitation of the CVE (Cisco, VMware and EMC) vBlock integrated stack concept, Cisco, NetApp and VMware have settled on an integrated stack architecture - without the orderable integrated blocks of product and an Acadia-like entity. The CVN coterie have …
Chris Mellor, 26 Jan 2010


Biting the hand that feeds IT © 1998–2018