Electronics Era

  • About Us
  • Advertise with Us
  • Contact Us
Header logo on website
Menu
  • News
    • Industry News
    • Product News
  • TECH ROOM
    • Semiconductor
    • AI/ML
    • Industry 4.0
    • IoT-Internet of Things
    • Robotic
    • Sensor
    • Security
    • VR / AR
    • Embedded
    • Power Electronics
    • Smart Machine
    • LED & Lighting
    • Medical Electronics
    • Telecom
    • Blockchain
    • Automation
    • 5G/6G
    • SMT/PCB/EMS
  • AUTOMOTIVE ELECTRONICS
    • EVs
    • HEVs
    • ADAS
    • Connected Cars
  • A & D
  • T & M
    • 5G testing
    • Oscilloscopes
    • SDN & NFV
    • RF & Wireless
  • RENEWABLES
    • Sustainability
  • DATA & CLOUD
    • Data Center
    • Cloud Computing
    • Big Data Analytics
  • Editor’s Pick
    • Tech Blog
    • Tech Article
    • White Papers
    • In Talks
    • Market Research
  • MORE
    • Webinars
    • Events
    • E-Mag
    • Subscription
    • Contact Us
  • News
    • Industry News
    • Product News
  • TECH ROOM
    • Semiconductor
    • AI/ML
    • Industry 4.0
    • IoT-Internet of Things
    • Robotic
    • Sensor
    • Security
    • VR / AR
    • Embedded
    • Power Electronics
    • Smart Machine
    • LED & Lighting
    • Medical Electronics
    • Telecom
    • Blockchain
    • Automation
    • 5G/6G
    • SMT/PCB/EMS
  • AUTOMOTIVE ELECTRONICS
    • EVs
    • HEVs
    • ADAS
    • Connected Cars
  • A & D
  • T & M
    • 5G testing
    • Oscilloscopes
    • SDN & NFV
    • RF & Wireless
  • RENEWABLES
    • Sustainability
  • DATA & CLOUD
    • Data Center
    • Cloud Computing
    • Big Data Analytics
  • Editor’s Pick
    • Tech Blog
    • Tech Article
    • White Papers
    • In Talks
    • Market Research
  • MORE
    • Webinars
    • Events
    • E-Mag
    • Subscription
    • Contact Us
Home News Industry News

Trellix announced establishment of The Trellix Advanced Research Center

Trellix Launches Advanced Research Center, Finds Estimated 350K Open-Source Projects at Risk to Supply Chain Vulnerability

Editorial by Editorial
September 22, 2022
in Industry News
Reading Time: 3 mins read
Trellix Advanced Research Center
Share on FacebookShare on Twitter

SAN JOSE, Calif. : Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence. Comprised of hundreds of the world’s most elite security analysts and researchers, the Advanced Research Center produces actionable real-time intelligence and threat indicators to help customers detect, respond and remediate the latest cybersecurity threats.   

“The threat landscape is scaling in sophistication and potential for impact,” said Aparna Rayasam, Chief Product Officer, Trellix. “We do this work to make our digital and physical worlds safer for everyone. With adversaries strategically investing in talent and technical know-how, the industry has a duty to study the most combative actors and their methods to innovate at a faster rate.” 

Trellix Advanced Research Center has the cybersecurity industry’s most comprehensive charter and is at the forefront of emerging methods, trends and actors across the threat landscape. The premier partner of security operations teams across the globe, Trellix Advanced Research Center provides intelligence and cutting-edge content to security analysts while powering our leading XDR platform.

Additional information can be found on the Trellix Advanced Research Center blog and in our Threat Center.  

Python Tarfile Vulnerability Highlights Software Supply Chain Complexities

In coordination with today’s launch, Trellix Advanced Research Center also published its research into CVE-2007-4559, a vulnerability estimated to be present in over 350,000 open-source projects and prevalent in closed-source projects. It exists in the Python tarfile module which is a default module in any project using Python and is found extensively in frameworks created by Netflix, AWS, Intel, Facebook, Google, and applications used for machine learning, automation and docker containerization. The vulnerability can be exploited by uploading a malicious file generated with two or three lines of simple code and potentially allows attackers arbitrary code execution, or control of a target device.  

“When we talk about supply chain threats, we typically refer to cyber-attacks like the SolarWinds incident, however building on top of weak code-foundations can have an equally severe impact,” said Christiaan Beek, Head of Adversarial & Vulnerability Research, Trellix. “This vulnerability’s pervasiveness is furthered by industry tutorials and online materials propagating its incorrect usage. It’s critical for developers to be educated on all layers of the technology stack to properly prevent the reintroduction of past attack surfaces.” 

Open-source developer tools, like Python, are necessary to advance computing and innovation, and protection from known vulnerabilities requires industry collaboration. Trellix is working to push code via GitHub pull requests to protect open-source projects from the vulnerability. A free tool for developers to check if their applications are vulnerable is available on Trellix Advanced Research Center’s GitHub.  

Additional Resources

  • Trellix Threat Center
  • Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
  • Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities
  • Limiting the Software Supply Chain Attack Surface
  • Trellix GitHub
Tags: cybersecurityTrellixTrellix Advanced Research Center
Editorial

Editorial

Join Our Newsletter

* indicates required
Tweets by Era Electronics
Electronics Era

Electronics Era, India's no.1 growing B2B news forum on Electronics and Cutting Edge Technology is exploring the editorial opportunity for organizations working in the Electronics Manufacturing Services(EMS) Industry.

Follow Us

Browse by Category

  • 5G testing
  • 5G/6G
  • A & D
  • ADAS
  • AI/ML
  • Automation
  • AUTOMOTIVE ELECTRONICS
  • Big Data Analytics
  • Blockchain
  • Cloud Computing
  • Connected Cars
  • DATA & CLOUD
  • Data Center
  • Embedded
  • EVs
  • HEVs
  • In Talks
  • Industry 4.0
  • Industry News
  • IoT-Internet of Things
  • LED & Lighting
  • Market Research
  • Medical Electronics
  • News
  • Oscilloscopes
  • Power Electronics
  • Product News
  • RENEWABLES
  • RF & Wireless
  • Robotic
  • SDN & NFV
  • Security
  • Semiconductor
  • Sensor
  • Smart Machine
  • SMT/PCB/EMS
  • Sustainability
  • T & M
  • Tech Article
  • Tech Blog
  • TECH ROOM
  • Telecom
  • Uncategorized
  • VR / AR
  • White Papers

Recent News

LDRA

LDRA Celebrates 25th Anniversary of MISRA C

March 24, 2023
LDRA MISRA C

LDRA Announced the Addition of the Latest MISRA C:2023 Guidelines

March 24, 2023
  • About Us
  • Advertise with Us
  • Contact Us

© 2022-23 TechZone Print Media | All Rights Reserved

No Result
View All Result
  • News
    • Industry News
    • Product News
  • TECH ROOM
    • Semiconductor
    • AI/ML
    • Industry 4.0
    • IoT-Internet of Things
    • Robotic
    • Sensor
    • Security
    • VR / AR
    • Embedded
    • Power Electronics
    • Smart Machine
    • LED & Lighting
    • Medical Electronics
    • Telecom
    • Blockchain
    • Automation
    • 5G/6G
    • SMT/PCB/EMS
  • AUTOMOTIVE ELECTRONICS
    • EVs
    • HEVs
    • ADAS
    • Connected Cars
  • A & D
  • T & M
    • 5G testing
    • Oscilloscopes
    • SDN & NFV
    • RF & Wireless
  • RENEWABLES
    • Sustainability
  • DATA & CLOUD
    • Data Center
    • Cloud Computing
    • Big Data Analytics
  • Editor’s Pick
    • Tech Blog
    • Tech Article
    • White Papers
    • In Talks
    • Market Research
  • MORE
    • Webinars
    • Events
    • E-Mag
    • Subscription
    • Contact Us

© 2022-23 TechZone Print Media | All Rights Reserved