Nexpose
CVE-2017-3823: Remote Code Execution Vulnerability in Cisco WebEx Browser Plugin
On January 21st 2017, Google's Project Zero disclosed a vulnerability in Cisco's
WebEx browser plugin extension that could allow attackers to perform a remote
code execution (RCE) exploit on any Windows host running the plugin.
Cisco pushed out an initial fix that warned users if they were launching
a meeting from a domain other than *.webex.com or *.webex.com.cn; however, the
fix was questioned by April King from Mozilla
[https://bugs.chromium.org/p/project-zero/issues/detail?id=1096#c
AppSpider
Validate Web Application Security Vulnerabilities with AppSpider's New Chrome Plug-In
AppSpider's Interactive Reports Go Chrome
We are thrilled to announce a significant reporting enhancement to AppSpider,
Rapid7's dynamic application security scanner
[https://www.rapid7.com/products/appspider/]. AppSpider now has a Chrome Plug-in
that lets users open any report in Chrome and use the real-time
vulnerability validation feature without needing Java or having to zip up
the folder and send it off. This makes reporting and troubleshooting even
easier!
Enabling
Vulnerability Management
Using the National Vulnerability Database to Reveal Vulnerability Trends Over Time
This is a guest post by Ismail Guneydas. Ismail Guneydas is a senior technical
leader with over ten years of experience in vulnerability management, digital
forensics, e-Crime investigations and teaching. Currently he is a senior
vulnerability manager at Kimberly-Clark and an adjunct faculty member at Texas A&M. He
has an M.S. in computer science and an MBA.
2015 is in the past, so now is as good a time as any to get some numbers
together from the year that was and analyze them. For this blog post,