Friday, September 11, 2015

FireEye tries to stifle public disclosure of vulnerabilities in its suite

Felix Wilhelm, a security researcher for ERNW GmbH, made FireEye aware of the vulnerabilities five months ago, and reportedly worked with the company to help it resolve the issues successfully. But FireEye eventually decided that no disclosure of the vulnerabilities should be allowed to take place.
FireEye, founded in 2004, is a leading network security company focused on protecting businesses from malware, zero-day exploits and other cyber attacks. The U.S.-based firm has over 2,500 customers globally, including Fortune 500 companies and many federal departments. FireEye was tightly involved in cyber investigations following the high-profile attacks on Sony Pictures and Anthem.
Leading network security company FireEye, which has customers in government and on the Fortune 500 list, has caused a controversy at a London security conference today after its legal attempts to stop a keynote speech detailing the repair of major security loopholes in its customer-facing systems this year. Reported among these now-fixed vulnerabilities was the running of a significant number of FireEye's Apache-based security servers as 'root', meaning that any attacker able to compromise the servers would have had absolute power over all its operations and commercial connections.
