Cybersecurity firm Trellix has announced the establishment of its Advanced Research Center, a group of security analysts and researchers that aims to produce actionable real-time threat intelligence and indicators to help customers stay protected against the latest cybersecurity threats.
The company’s Advanced Research Center comes as the threat landscape continues to expand in scale and sophistication and as threat actors investing in talent and tools, says Aparna Rayasam, Trellix’s chief product officer.
“We do this work to make our digital and physical worlds safer for everyone,” Rayasam says. “With adversaries strategically investing in talent and technical know-how, the industry has a duty to study the most combative actors and their methods to innovate at a faster rate.”
Trellix says its Advanced Research Center has the cybersecurity industry’s most comprehensive charter and is at the forefront of emerging methods, trends and actors across the threat landscape. The center will provide intelligence and cutting-edge content to security analysts while powering the company’s XDR platform.
In coordination with the launch of the Advanced Research Center, the company also published new research into a vulnerability in the Python tarfile module that is estimated to be present in over 350,000 open-source projects and other closed-source projects.
The module is used in frameworks created by Netflix, AWS, Intel, Facebook, Google and other applications used for machine learning, automation and docker containerization. The bug can be exploited by uploading a malicious file generated with two or three lines of code, allowing attackers to execute arbitrary code or take control of a targeted device.
The company has released a tool for developers to check in their applications are vulnerable on the Advanced Research Center’s GitHub page. Trellix is also working to protect open-source projects from this vulnerability by pushing code via GitHub.