Security News > 2020 > March > 2020 cybersecurity risks: Insecure security tools, supply chains, abandonware
During 2019 a SafeBreach research team discovered major vulnerabilities in widely used security products that were written and tested by reputable cybersecurity companies.
Product What can happen Underlying flaws Trend Micro Maximum Security 2019 and 2020 DLL Search-Order Hijacking Signed Execution Whitelisting Bypass Uncontrolled search path, no digital certificate validation against the binary.
Kaspersky Internet Security Whitelisting Bypass Defense Evasion Uncontrolled search path, no digital certificate validation Comodo Internet Security DLL Preloading No digital certificate validation, AV has no self-protection on its folders McAfee - All Editions Defense Evasion Signed Execution Whitelisting Bypass No digital signature validation Avira Antivirus 2019 Defense Evasion Signed Execution Whitelisting Bypass No digital certificate validation, no self-protection for the Launcher folder.
Identifying risks of potential UEPs should be a collective goal of the security community in 2020.
Some technology providers make it very easy to find the right people by publicly posting security policies and providing dedicated security emails.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/7y6mdPlFavg/
Related news
- Develop Valuable Cyber Security Skills Over a Lifetime for Only $56 (source)
- Report: Organisations Have Endpoint Security Tools But Are Still Falling Short on the Basics (source)
- 7 Best Cloud Security Posture Management (CSPM) Tools for 2024 (source)
- Third-party vendors pose serious cybersecurity threat to national security (source)
- 20 free cybersecurity tools you might have missed (source)
- How to create your cybersecurity “Google Maps”: A step-by-step guide for security teams (source)
- Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024 (source)
- B+ security rating masks healthcare supply chain risks (source)