Trellix, a cybersecurity company that is delivering the future of extended detection and response (XDR), has announced the creation of the Trellix Advanced Research Center to advance global threat intelligence. The Advanced Research Center, comprised of hundreds of the world’s most elite security analysts and researchers, generates actionable real-time intelligence and threat indicators to assist customers in detecting, responding to, and remediating the most recent cybersecurity threats.
“The threat landscape is scaling in sophistication and potential for impact,” said Aparna Rayasam, Chief Product Officer, Trellix. “We do this work to make our digital and physical worlds safer for everyone. With adversaries strategically investing in talent and technical know-how, the industry has a duty to study the most combative actors and their methods to innovate at a faster rate.”
Trellix Advanced Research Center has the most comprehensive charter in the cybersecurity industry and is at the forefront of emerging methods, trends, and actors across the threat landscape. Trellix Advanced Research Center, the premier partner of security operations teams worldwide, provides intelligence and cutting-edge content to security analysts while powering our leading XDR platform.
In conjunction with the launch, Trellix Advanced Research Center published its findings on CVE-2007-4559, a vulnerability estimated to exist in over 350,000 open-source projects and to be common in closed-source projects. The vulnerability is in the Python tarfile module, a default module in any Python project that is widely used in frameworks created by Netflix, AWS, Intel, Facebook, and Google, as well as in applications used for machine learning, automation, and Docker containerization. It can be exploited by uploading a malicious file created with two or three lines of simple code, allowing attackers to execute arbitrary code or gain control of a target device.
“When we talk about supply chain threats, we typically refer to cyber-attacks like the SolarWinds incident; however, building on top of weak code-foundations can have an equally severe impact,” said Christiaan Beek, Head of Adversarial & Vulnerability Research, Trellix. “This vulnerability’s pervasiveness is furthered by industry tutorials and online materials propagating its incorrect usage. It’s critical for developers to be educated on all layers of the technology stack to properly prevent the reintroduction of past attack surfaces.”
Open-source developer tools such as Python are required to advance computing and innovation, and protecting them from known vulnerabilities necessitates industry collaboration. Trellix is working to protect open-source projects from the vulnerability by pushing code via GitHub pull request. A free tool that developers can use to check whether their applications are vulnerable is available on Trellix Advanced Research Center’s GitHub.