
Halock Blog


CVE-2014-4980 Parameter Tampering in Nessus Web UI – Remote Information Disclosure »

Title: CVE-2014-4980 Parameter Tampering in Nessus Web UI – Remote Information Disclosure
Product: Nessus
Vendor: Tenable Network Security
Version: Nessus 5.2.3-5.2.7 – Web UI 2.3.4 (potentially lower)
Vendor Notified Date: June 24, 2014
Vendor Resolved Date: June 25, 2014
Release Date: July 18, 2014
Risk: Medium
Authentication: Not Required
Remote: Yes

A parameter tampering vulnerability exists in Nessus 5.2.7 and potentially below that allows remote … Read More »


Beyond Target®: Why Vendor Risk Management is Getting All of the Hype »

The Target® Breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third-party vendor management. After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant third party that didn’t seem to have direct … Read More »


Cyber-Espionage: Every Business is a Target »

For those of us in the world of information security, the news of Attorney General Eric Holder bringing a first-of-its-kind criminal cyber-espionage case against Chinese military officials is no surprise at all. For years, the Chinese have been known for launching cyber-attacks on American industrial and military targets to steal prized military secrets and … Read More »


HALOCK’s Eve Adams Named One of Business Insider’s 100 Most Influential Tech Women on Twitter »

Eve Adams (@HackerHuntress), Senior Talent Acquisition Expert, was recently named one of Business Insider’s 100 Most Influential Tech Women on Twitter. As the team lead of HALOCK’s information security recruiting function, Eve uses Twitter to engage with clients and candidates, research industry trends, publicize HALOCK’s hot infosec jobs, and have fun with … Read More »


Understanding and Fixing the Heartbleed Vulnerability »

Now that you know that Heartbleed is potentially exposing your secure systems to malicious hackers, you need to know what to do about it. Not only does that mean you need to secure your systems (even the ones you don’t yet know use OpenSSL), but you also need to be able to understand … Read More »
