Security: Git Patch, Endpoint Security, More Patches and Respectre™
Git 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1, and 2.19.1
Git Users Should Get To Updating Due To An Arbitrary Code Execution Vulnerability
Git maintainer Junio Hamano issued new versions of this widely-used version control system today going back to the Git 2.14 release series in order to address a new security vulnerability.
This latest Git vulnerability is CVE-2018-17456 and allows for an attacker to execute arbitrary code. This arbitrary code execution can be achieved via modifying the .gitmodules file in a project being cloned through a --recurse-submodules call.
Endpoint Security: It's Way More Complicated than You Think
The term "endpoint security" is often used by vendors and security professionals alike, but what is it really all about? While it might seem obvious that endpoint security by definition is all about defending endpoints, as opposed to say networks, there are many levels of nuance and technologies involved in endpoint security.
In a session at the SecTor security conference in Toronto, Kurtis Armour, principal security specialist at Scalar Decisions, provided an overview of the endpoint security landscape from a penetration tester's point of view.
Endpoint protection technologies are intended to give organizations the ability to detect and respond to security events within their environments.
Security updates for Friday
Open Source Security Inc. Announces Respectre™: The State of the Art in Spectre Defenses
