2020 cybersecurity risks: Insecure security tools, supply chains, abandonware

2020-03-23 05:00

During 2019 a SafeBreach research team discovered major vulnerabilities in widely used security products that were written and tested by reputable cybersecurity companies.

Product What can happen Underlying flaws Trend Micro Maximum Security 2019 and 2020 DLL Search-Order Hijacking Signed Execution Whitelisting Bypass Uncontrolled search path, no digital certificate validation against the binary.

Kaspersky Internet Security Whitelisting Bypass Defense Evasion Uncontrolled search path, no digital certificate validation Comodo Internet Security DLL Preloading No digital certificate validation, AV has no self-protection on its folders McAfee - All Editions Defense Evasion Signed Execution Whitelisting Bypass No digital signature validation Avira Antivirus 2019 Defense Evasion Signed Execution Whitelisting Bypass No digital certificate validation, no self-protection for the Launcher folder.

Identifying risks of potential UEPs should be a collective goal of the security community in 2020.

Some technology providers make it very easy to find the right people by publicly posting security policies and providing dedicated security emails.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/7y6mdPlFavg/

#cybersecurity #security #supplychain #tools

News URL

Related news