Vicarius partners with CISA to raise awareness of software vulnerabilities during Cybersecurity Awareness Month
NEW YORK–(BUSINESS WIRE)–Vicarius, creator of vsociety, the open and independent social community for research and security professionals, announced the release of new security research detailing several new exploits for popular developer tools. The publication is intended to amplify safe hygiene practices during CISA’s Cybersecurity Awareness Month.
October 2022 marks the 19th anniversary of National Cybersecurity Awareness Month, with this year’s campaign theme – “See Yourself in Cyber” – demonstrating that while cybersecurity may seem like a complex subject, it is ultimately a question of people. In alliance with the Cybersecurity and Infrastructure Security Agency (CISA), which uses the month to raise awareness of good cyber hygiene, Vicarius seeks to improve the security posture of organizations by publishing new research together with measures to mitigate the risk.
Among the releases, which are contributed to the community by independent researchers and validated by Vicarius, is a zero-day vulnerability in a popular Python development tool called yacmmal. In the post, anonymous researcher “M” lays out the steps taken to compromise the application and execute code remotely, and goes on to warn, “as this exploit is not known and no patch is available, use of the package should be avoided until fixes are public”, while providing a workaround for temporary protection.
In several later posts to the community, the same researcher details an exploit in the widely used Python web framework Flask, as well as a method to exploit a deserialization vulnerability in a Python library called jsonpickle. Both examples illustrate the potential for remote code execution and the steps required to mitigate the threat. Vicarius emphasizes the importance of providing mitigation details for every exploit posted on vsociety: research is published on the platform only if it follows responsible disclosure and is accompanied by details and documentation of corrective actions.
“Our goal is to make organizations more aware of potential vulnerabilities in the wild and provide the necessary measures to protect against them,” explained Michael Assraf, CEO of Vicarius. “With the growing popularity and importance of Awareness Month, we aim to go beyond the typical materials provided by other CISA partners by encouraging awareness of never-before-seen savage threats that all security teams should be aware of.”
Vicarius will post additional research on vsociety throughout the month.
For more information about shared exploit research on vsociety, interested parties can visit https://vsociety.io or contact [email protected]
Vicarius helps security teams protect their most critical applications and assets from software exploitation through TOPIA, the company’s end-to-end vulnerability remediation platform. Founded by three security experts and backed by leading Silicon Valley investors, Vicarius’ mission is to provide customers with solutions that proactively reduce risk wherever software resides.