August 30, 2022
At Trellix, we are driven to help those who dedicate themselves to cybersecurity – whether they work at Trellix or elsewhere. Trellix is taking concrete steps to increase diversity and foster a culture of soulful work through programs and parternerships that open pathways for traditionally underrepresented communities.
By Britt Norwood · August 30, 2022
Our team understands the critical role organizations like AWS play in efforts to drive premium threat detection no matter a customer’s security architecture. We continuously look for partners with a similar desire to grow and innovate to relieve pain points for SecOps teams.
This blog is the third and final of a multi-part series focused on vulnerability discovery in a widely used access control system and describes our research journey from target acquisition all the way through exploitation, beginning with the vendor and product selection and a deep dive into the hardware hacking techniques.
By Trellix · September 23, 2022
Join #TeamTrellix for the first-ever Trellix Xpand Live September 27-29, at the Aria Hotel in Las Vegas, where the world’s largest network of cybersecurity experts will unite in our shared mission: To power a resilient, thriving world!
By Kent Landfield · September 23, 2022
Today CVE is used in all aspects of vulnerability identification and reporting. There is an urban myth that if there is a CVE issued, there is a fix associated. Yes, I have heard that many times over the years. That, however, is NOT the case.
By Ken Kartsen · September 22, 2022
This week, Trellix announced that Karan Sondhi will be joining us as Chief Technology Officer for Public Sector. In this role, he will define and lead the implementation of the company’s public sector technology strategy.
By Kasimir Schulz · September 21, 2022
Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. As we dug into the issue, we realized this was in fact CVE-2007-4559. The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive.
By Douglas McKee · September 21, 2022
While investigating an unrelated vulnerability our team stumbled across this issue present in an enterprise device. Initially we thought we had found a new zero-day vulnerability. As we dug into the issue, we realized this was CVE-2007-4559. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from the file write.
Sep 21, 2022
Trellix Launches Advanced Research Center, Finds Estimated 350K Open-Source Projects at Risk to Supply Chain Vulnerability
Sep 1, 2022
Kim Anstett Appointed Trellix Chief Information Officer
Aug 15, 2022
XDR Momentum Grows as Industry Calls for Solution to Common Security Challenges
Jul 26, 2022
Trellix Achieves AWS Security Competency Status
Jul 18, 2022
Trellix Finds Business Services Top Target of Ransomware Attacks
Get the latest
We’re no strangers to cybersecurity. But we are a new company.
Stay up to date as we evolve.