1 min
Nexpose
CVE-2017-3823: Remote Code Execution Vulnerability in Cisco WebEx Browser Plugin
On January 21st 2017, Google's Project Zero disclosed a vulnerability in Cisco's
WebEx browser plugin extension that could allow attackers to perform a remote
code execution (RCE) exploit on any Windows host running the plugin.
An initial fix was pushed out by Cisco that warned a user if they were launching
a meeting from a domain other than *.webex.com or *.webex.com.cn, however, the
fix was questioned by April King from Mozilla
[https://bugs.chromium.org/p/project-zero/issues/detail?id=1096#c
Read Full Post
2 min
AppSpider
Validate Web Application Security Vulnerabilities with AppSpider's New Chrome Plug-In
AppSpider's Interactive Reports Go Chrome
We are thrilled to announce a significant reporting enhancement to AppSpider,
Rapid7's dynamic application security scanner
[https://www.rapid7.com/products/appspider/]. AppSpider now has a Chrome Plug-in
that enables users to open any report in Chrome and be able to use the real-time
vulnerability validation feature without the need for Java or having to zip up
the folder and send it off. This makes reporting and troubleshooting even
easier!
Enabling
Read Full Post
5 min
Vulnerability Management
Using the National Vunerability Database to Reveal Vulnerability Trends Over Time
This is a guest post by Ismail Guneydas. Ismail Guneydas is senior technical
leader with over ten years of experience in vulnerability management, digital
forensics, e-Crime investigations and teaching. Currently he is a senior
vulnerability manager at Kimberly-Clark and an adjunct faculty at Texas A&M. He
has M.S. in computer science and MBA degrees.
2015 is in the past, so now is as good a time as any to get some numbers
together from the year that was and analyze them. For this blog post,
Read Full Post