Security News > 2020 > March > 2020 cybersecurity risks: Insecure security tools, supply chains, abandonware
During 2019 a SafeBreach research team discovered major vulnerabilities in widely used security products that were written and tested by reputable cybersecurity companies.
Product What can happen Underlying flaws Trend Micro Maximum Security 2019 and 2020 DLL Search-Order Hijacking Signed Execution Whitelisting Bypass Uncontrolled search path, no digital certificate validation against the binary.
Kaspersky Internet Security Whitelisting Bypass Defense Evasion Uncontrolled search path, no digital certificate validation Comodo Internet Security DLL Preloading No digital certificate validation, AV has no self-protection on its folders McAfee - All Editions Defense Evasion Signed Execution Whitelisting Bypass No digital signature validation Avira Antivirus 2019 Defense Evasion Signed Execution Whitelisting Bypass No digital certificate validation, no self-protection for the Launcher folder.
Identifying risks of potential UEPs should be a collective goal of the security community in 2020.
Some technology providers make it very easy to find the right people by publicly posting security policies and providing dedicated security emails.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/7y6mdPlFavg/
Related news
- Hottest cybersecurity open-source tools of the month: February 2025 (source)
- Spring clean your security data: The case for cybersecurity data hygiene (source)
- New Security Flaws Found in VMware Tools and CrushFTP — High Risk, PoC Released (source)
- Hottest cybersecurity open-source tools of the month: March 2025 (source)
- 3 Ways the UK Government Plans to Tighten Cyber Security Rules with New Bill (source)
- GitHub expands security tools after 39 million secrets leaked in 2024 (source)
- What native cloud security tools won’t catch (source)