VENOM Vulnerability: The Newest Threat to Your System’s Cyber Health

Ersin Domangue, Independent Security Evaluators
May 21st, 2015

The security firm CrowdStrike recently revealed a vulnerability that its staff discovered in QEMU-based virtual machine (VM) products (CVE-2015-3456). These include Xen, KVM, and VirtualBox. VMware products, Bochs, and Hyper-V are not affected. The vulnerability, which they call "VENOM" (Virtualized Environment Neglected Operations Manipulation), can lead to complete control of a host computer, as well as access to all of the VMs running on the machine. VM vendors have, or will have, updates, and system administrators should apply them as soon as they are available.

Cyber Security: The Gateway to Career Success

Lisa Green, Independent Security Evaluators
May 14th, 2015

A notable weakness in most organizations’ security programs is a lack of trained, experienced, and available security resources; to protect their assets, organizations require talented professionals with both technical and soft skills to create, define, and implement these programs. While the need is growing, the bar is set high. To work among the elite in the field in a career that allows for expansive professional growth, consider what it takes to get there. The need for talented cyber security analysts will continue to grow, and choosing to work in the industry is not only a timely career choice that allows for professional growth, but also a rewarding one that allows for personal growth and directly benefits companies and their stakeholders.

Don't Believe Everything You Read: Security Bugs in Reference Materials

Jacob Thompson, Independent Security Evaluators
April 10th, 2015

In this post, we consider the impact that the explosion of new software frameworks, and the frequent need to shift between them, has on security: (1) the tendency to use technologies without fully understanding them, (2) the use of non-peer-reviewed sources for assistance and documentation when solving a problem, and (3) the presence of security bugs in code examples in printed materials from respected publishers. Finally, we conclude with recommendations for developers and authors to help avoid inadvertent, subtle security bugs that result from relying on or producing faulty documentation.

Superfish and Lessons not Learned - Preloaded Malware

Mark Goldman, Independent Security Evaluators
Feb. 21st, 2015

ISE has been finding more and more suspicious bloatware on Windows operating systems in past years. Just this past week, this issue came to a head with the discovery of the Superfish malware disguised as bloatware on Lenovo machines. ISE gives its take on this topic here.

Which SSL/TLS Protocol Versions and Cipher Suites Should I Enable on My Server?

Jacob Thompson, Independent Security Evaluators
Jan. 19th, 2015

ISE customers have recently asked how they should configure the SSL/TLS libraries on their servers to avoid any known security vulnerabilities. Here are our recommendations.

Copyright 2005-2013 Independent Security Evaluators, LLC. All rights reserved.