In his spare time, Ákos Jakab studies the ancient practice of cartography. So while that has gone out of favor for modern substitutes like geospatial technology, he still scratched that map itch while decoding this RCE in GeoServer. In this analysis, he brings you on a wild ride from PoC to patch diffing and everything in between. If there was such a thing as coloring outside the lines in CVE analysis, Ákos hit the nail on the head. Strap in and get ready to fly 🛸
Vicarius
Computer and Network Security
New York, NY 12,087 followers
Leading the pack in vulnerability remediation.
About us
Vicarius helps security and IT teams protect their most critical apps and assets against software exploitation through vRx, a consolidated end-to-end vulnerability remediation platform. Headquartered in New York and backed by tier-one Silicon Valley investors, Vicarius was founded by security experts on a mission to provide problem-solving remediation solutions that proactively reduce risk wherever assets reside. Effortlessly find and eliminate threats while reducing the strain on internal security resources, freeing up personnel to focus on other mission-critical tasks without sacrificing security. Get started for free today or learn more at https://vicarius.io
- Website: https://vicarius.io
- Industry: Computer and Network Security
- Company size: 51-200 employees
- Headquarters: New York, NY
- Type: Privately Held
- Founded: 2016
- Specialties: Cyber, CDS, Malwares, APT, Capability Driven Security, Application Security, Risk Assessment, Vulnerability Assessment, Security, and Vulnerability Management
Products
vRx
Vulnerability Scanners
Vicarius' vRx is engineered as the most robust vulnerability remediation platform, safeguarding your business against escalating risks. Powered by AI and community-driven insights, our platform delivers native patching, scripting, and patchless protection to keep you safe and secure.
Locations
- Primary: 122 Grand St, New York, NY 10013, US
- 154 Menachem Begin, Tel-Aviv, Tel-Aviv District 6492107, IL
Employees at Vicarius
- Sebastian Naumann: CEO & Founder, Inline Sales GmbH - Innovation, Incubation, Acceleration
- Noam Rathaus: Angel Investor, Founder at Beyond Security Seed Investor at Eclypsium Angel Investor at FLYTech Investor at DeviceTotal (formerly ArcusTeam) CTO at…
- Justine Cross
- Shira Kaplan: Cyber-Security Entrepreneur & Investor | Board Advisor to Selected Cyber-Security Startups | WEF Young Global Leader (2017) | Bilanz 100 Digital…
Updates
- 🤡 Villain of the Week 🤡 CVE-2024-41110, aka Docker Despot, allows attackers to bypass authorization plugins (AuthZ), potentially leading to unauthorized access and privilege escalation. 📌 Why It Matters: Disabling AuthZ plugins and keeping Docker up-to-date are crucial steps in preventing potential exploits. Even though the probability of exploitation is low, the impact could be really severe, particularly in production environments. 📋 Who is Impacted? Users of Docker Engine v19.03.x and later versions who rely on authorization plugins to make access control decisions are impacted by this vulnerability. Patched versions: > v23.0.14, > v26.1.4, > v27.1.0 🔧 How to Protect Yourself: To combat this threat, our cyber heroes offer both detection and remediation scripts that not only will find CVE-2024-41110 but also disable vulnerable AuthZ plugins and update Docker to the latest secure version. 💡 Get Started, use these scripts: Detection: https://lnkd.in/gfucS8tf Mitigation: https://lnkd.in/gMdUVF5S
- It's date night. What are you watching? 📽 🍿 1. No Time to Patch 🍿 2. Patch Me If You Can 🍿 3. The Spy Who Patched Me 🍿 4. Willy Wonka and the Patch Factory 🍿 5. The Patch is Not Enough 🍿 6. Indiana Jones and The Last Patch Tuesday 🍿 7. The Patch Tuesday Massacre 🍿 8. The Van Rossum Code 🍿 9. Never Say Update Again
- Let's welcome our Wolfpack Star, Jordan Hamblen! We are thrilled to celebrate your exceptional work and dedication, and we proudly recognize your achievement in winning this quarter's award. 🏆 "Congratulations to Jordan, Vicarius Employee of the Quarter! Jordan’s dedication and exceptional post-sales support have empowered hundreds of customers to maximize the benefits of vRx. With a consistently great attitude, outstanding teamwork, and unwavering optimism, even during customer escalations, Jordan embodies the Vicarius value of aspiring high and achieving higher." — Eyal Worthalter, VP Sales, US 🌟 To many more of Jordan’s remarkable achievements! 🎉👏
- Sure, Jamaica Broilers Group Limited is in the hatching 🐣 business, but they needed a way to keep up with the patching business, too (don't we all 😜). This comic book inspired case study takes you through the trials, tribulations, and—ultimately—the triumph over the tyranny of vulnerabilities. Come and be another success story 🙂
- An ancient vulnerability has risen from the tomb! 🧟‍♂️ CVE-2012-4792 has been excavated and added to the Cybersecurity and Infrastructure Security Agency's KEV list. This ancient bug used watering hole attacks to exploit Internet Explorer versions 6-8 back when Obama was running for his second term. The good news: it's unlikely that new attacks are occurring on legacy systems like Windows XP, Vista, or 7. The bad news: the reason for CISA KEV's recent addition of this vulnerability is unclear, but it serves as a crucial reminder that old systems are still vulnerable. Protect yourself 🥋 🔎 Use this Detection Script to see if you're vulnerable: https://lnkd.in/gNhTAqFk 🛡️ Use this Remediation Script to shield your system: https://lnkd.in/gmffhXmf While the exact reason for CISA's action isn't clear, let’s take this opportunity to review and secure our older systems... even if they are ancient 😛