March 2024

CVE-2024-3094 XZ Backdoor: All you need to know

Mar 31, 2024 By Shachar Menashe In JFrog

On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within XZ Utils, a widely used package present in major Linux distributions (The GitHub project originally hosted here is now suspended). Fortunately, the malicious code was discovered quickly by the OSS community and managed to infect only two of the most recent versions of the package, 5.6.0 and 5.6.1, which were released within the past month.

Read Post

JFrog

Read more about CVE-2024-3094 XZ Backdoor: All you need to know

Bombshell in SSH servers! What CVE-2024-3094 means for Kubernetes users

Mar 31, 2024 By Amit Schendel In ARMO

On March 29, 2024, Red Hat disclosed CVE-2024-3094 (a.k.a XZ vulnerability) scoring a critical CVSS rating of 10. Stemming from a supply chain compromise it affects the latest iterations of XZ tools and libraries. The CVE was identified by a software engineer following the discovery of performance issues in SSH connections. This led to the exposure of a major supply chain attack where a compromised library was inserted into sshd and exploited during the authentication process.

Read Post

ARMO

Read more about Bombshell in SSH servers! What CVE-2024-3094 means for Kubernetes users

The XZ Backdoor CVE-2024-3094

Mar 31, 2024 By Liran Tal In Snyk

Unveiled on the 29th of March 2024 is the high-stakes investment and prolonged campaign by a malicious actor to plant a backdoor in the Linux software library liblzma to gain access to multiple operating systems via Linux distributions, which arguably worked out successfully. That is until a curious engineer noticed a glitch. Currently known affected upstream software and proposed mitigation.

Read Post

Snyk

Read more about The XZ Backdoor CVE-2024-3094

Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise

Mar 31, 2024 By Tom Abai In Mend

*April 1 update. it was confirmed that Fedora 40 is not affected by the backdoor. However, users should still downgrade to a 5.4 build to be safe. On March 29th, 2024, a critical CVE was issued for the XZ-Utils library. This vulnerability allows an attacker to run arbitrary code remotely on affected systems. Due to its immediate impact and wide scope, the vulnerability has scored 10 for both CVSS 3.1 and CVSS 4, which is the highest score available.

Read Post

Mend

Read more about Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise

A Day In The Life of a Security Leader

Mar 30, 2024 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about A Day In The Life of a Security Leader

CVE-2024-3094: Detecting the SSHD backdoor in XZ Utils

Mar 29, 2024 By Michael Clark In Sysdig

On March 29th, 2024, a backdoor in a popular package called XZ Utils was announced on the Openwall mailing list. This utility includes a library called liblzma which is used by SSHD, a critical part of the Internet infrastructure used for remote access. When loaded, the CVE-2024-3094 affects the authentication of SSHD potentially allowing intruders access regardless of the method.

Read Post

Sysdig

Read more about CVE-2024-3094: Detecting the SSHD backdoor in XZ Utils

Securing your SBOM on Google Cloud

Mar 28, 2024 By David Lugo In Snyk

Over the past few years, software supply chain security has been top of mind for governments and businesses alike. Following Log4Shell in late 2021, the Biden administration’s National Cybersecurity Strategy started focusing on open source supply chain security. The National Security Agency (NSA) recently released new guidance on securing open source software supply chains.

Read Post

Snyk

Read more about Securing your SBOM on Google Cloud

Veracode Customers Shielded from NVD Disruptions

Mar 28, 2024 By Nova Trauben In Veracode

The US National Institute of Standards and Technology (NIST) has almost completely stopped analyzing new vulnerabilities (CVEs) listed in its National Vulnerability Database (NVD). Through the first six weeks of 2024, NIST analyzed over 3,500 CVEs with only 34 CVEs awaiting analysis.1 Since February 13th, however, nearly half (48%) of the 7,200 CVEs received this year by the NVD are still awaiting analysis.2 The number of CVEs analyzed has dropped nearly 80% to less than 750 CVEs analyzed.

Read Post

Veracode

Read more about Veracode Customers Shielded from NVD Disruptions

Beyond CVSS: Mitigating Alert Fatigue, Accurately

Mar 28, 2024 By Indusface In Indusface

CVSS score is valuable for assessing open vulnerability risk. However, despite the obvious difference in risk, CVSS scores overlook the distinction between vulnerabilities in staging versus production. This issue compounds with factors such as the number and types of applications, vulnerability types, and zero-day threats. Ultimately, leading to Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

View Video

Indusface

Read more about Beyond CVSS: Mitigating Alert Fatigue, Accurately

What is the Dirty COW exploit, and how to prevent it

Mar 27, 2024 By Eyal Katz In Spectral

Dirty COW, a seemingly light-hearted name, masks a severe Linux privilege escalation issue. This bug has affected many older Linux systems, which is concerning given that 41% of web servers run on Linux. Despite widespread patches in distributions like Ubuntu and Red Hat, Dirty COW remains a threat, particularly to outdated systems. As a significant security flaw, it poses risks to various devices and servers even in 2024.

Read Post

Spectral

Read more about What is the Dirty COW exploit, and how to prevent it

Vulnerability Management Lifecycle in DevSecOps

Mar 27, 2024 By Guest Expert In GitGuardian

In this new series, CJ May shares his expertise in implementing secure-by-design software processes that empower engineering teams. The first stage of his DevSecOps program: vulnerability management.

Read Post

GitGuardian

Read more about Vulnerability Management Lifecycle in DevSecOps

How Snyk ensures safe adoption of AI

Mar 27, 2024 By Akanchha Shrivastava In Snyk

The AI revolution is reshaping industries, processes, and the very fabric of software development. As we navigate through this transformative era, it's crucial to understand not only the evolution and application of AI in software development but also the innovative ways in which Snyk, the industry-leading developer security platform, is harnessing AI to enhance security.

Read Post

Snyk

Read more about How Snyk ensures safe adoption of AI

What Does a Solid VM Ticketing Workflow Actually Look Like?

Mar 27, 2024 By Nucleus In Nucleus

In this webinar, Scott Kuffer discusses the challenges and best practices of vulnerability management workflows and ticketing. He emphasizes the discrepancy between vulnerability management teams' priorities and the priorities of the business as a whole. Scott explores different ticketing workflows, starting with basic vulnerability-based tickets and progressing to more advanced options such as asset-based, team-based, and action-based tickets. He highlights the benefits of automating ticket creation and reporting, as well as the potential for redefining how vulnerability management is approached within organizations.

View Video

Nucleus

Read more about What Does a Solid VM Ticketing Workflow Actually Look Like?

4 approaches to vulnerability remediation

Mar 27, 2024 By Natalie Lightner In Synopsys

Vulnerability remediation is the process of identifying weaknesses and design flaws in your applications, prioritizing findings based off of the level of risk they pose, and then performing appropriate actions to resolve them. Options for vulnerability remediation include remediating (fixing) an issue, ignoring it (when it is not risky enough to merit the resources needed to fix it), or applying compensating controls to help counteract the risk posed by the vulnerability.

Read Post

Synopsys

Read more about 4 approaches to vulnerability remediation

7 Steps to Implement an Effective Vulnerability Management Program

Mar 26, 2024 By Ariel Beck In Jit

When a new vulnerability is found, the race is on to either solve it or exploit it (depending on which side you’re on). But while attackers are getting faster, companies not so much. Dev teams take around 215 days to resolve a security vulnerability. The numbers are only marginally shorter when dealing with critical vulnerabilities. This delay is particularly concerning given the rise in zero-day exploits, where hackers take advantage of a security flaw before the organization even knows it exists.

Read Post

Read more about 7 Steps to Implement an Effective Vulnerability Management Program

Quicker Fixes for What Matters Most: Seemplicity Leverages VulnCheck KEV

Mar 26, 2024 By Kevin Swan In Seemplicity

With the Seemplicity platform and VulnCheck KEV, organizations can remediate the riskiest vulnerabilities faster than ever. The integration of the VulnCheck KEV catalog, a community resource that enables security teams to manage vulnerabilities and risk with additional context and evidence-based validation, is available to all Seemplicity platform customers.

Read Post

Seemplicity

Read more about Quicker Fixes for What Matters Most: Seemplicity Leverages VulnCheck KEV

How To Achieve Vulnerability Remediation

Mar 26, 2024 By Sule Tatar In Arctic Wolf

Vulnerabilities are a major risk for organizations, and a major attack vector for threat actors. There were over 29,000 vulnerabilities published in 2023, amounting to over 3,800 more common vulnerabilities and exposure (CVEs) identifiers being issued last year than in 2022. But that doesn’t mean these most recent vulnerabilities are the only ones in a threat actor’s toolbox.

Read Post

Arctic Wolf

Read more about How To Achieve Vulnerability Remediation

CVE-2023-48788: Active Exploitation and PoC for Critical RCE in Fortinet FortiClientEMS Observed

Mar 26, 2024 By Andres Ramos In Arctic Wolf

On March 21, 2024, security researchers published a technical analysis along with a proof of concept (PoC) regarding the critical Remote Code Execution (RCE) vulnerability, CVE-2023-48788, in Fortinet’s FortiClientEMS. This vulnerability enables an unauthenticated threat actor to achieve RCE through the manipulation of SQL commands. Fortinet has stated that this vulnerability is under active exploitation. PoC exploit code is also now publicly available.

Read Post

Arctic Wolf

Read more about CVE-2023-48788: Active Exploitation and PoC for Critical RCE in Fortinet FortiClientEMS Observed

Resolving Simple Cross-Site Scripting Flaws with Veracode Fix

Mar 26, 2024 By Robert Haynes In Veracode

In the last blog on fixing vulnerabilities with Veracode Fix, we looked at SQL Injection remediation in a Java application. Since then, we have released Fix support for Python (and PHP) and launched a new VS Code plugin that includes support for Fix. It seems appropriate, therefore, to look at resolving a problem in a Python app using Veracode Fix in the VS Code IDE. This time let’s examine a simple cross-site scripting (XSS) weakness.

Read Post

Veracode

Read more about Resolving Simple Cross-Site Scripting Flaws with Veracode Fix

NPM Manifest Confusion: Six Months Later

Mar 26, 2024 By Andrey Polkovnichenko In JFrog

Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a large threat, allowing malicious actors to deceive developers and hide harmful code from detection.

Read Post

JFrog

Read more about NPM Manifest Confusion: Six Months Later

6 Essential Steps to Use OWASP ZAP for Penetration Testing

Mar 25, 2024 By Shlomi Kushchi In Jit

There's no doubt that no organization wants to be the victim of a cyber attack, but even the most security-minded entity can find itself caught off-guard or exposed when a zero-day exploit is discovered.

Read Post

Read more about 6 Essential Steps to Use OWASP ZAP for Penetration Testing

Understanding Website Vulnerabilities: Exploitation and Prevention

Mar 23, 2024 By Vinugayathri Chinnasamy In Indusface

A website vulnerability refers to a weakness or misconfiguration in the design, implementation, or operation of a website that can be exploited by attackers to compromise its integrity, availability, or confidentiality. These vulnerabilities can exist in various components of a website, including its code, server configuration, database, and third-party plugins or extensions.

Read Post

Indusface

Read more about Understanding Website Vulnerabilities: Exploitation and Prevention

How to Prioritize Vulnerabilities with Checkmarx and Sysdig Runtime Insights

Mar 22, 2024 By Victor Hernando In Sysdig

Back in August 2023, Checkmarx and Sysdig announced a new partnership. This collaboration enables customers of both Checkmarx and Sysdig to leverage the comprehensive visibility offered by Sysdig Runtime Insights to get even more value from the Checkmarx One application security platform.

Read Post

Sysdig

Read more about How to Prioritize Vulnerabilities with Checkmarx and Sysdig Runtime Insights

CyRC Vulnerability Advisory: CVE-2023-7060 Missing Security Control in Zephyr OS IP Packet Handling

Mar 21, 2024 By Kari Hulkko In Synopsys

The Synopsys Cybersecurity Research Center (CyRC) has identified problems in Zephyr OS related to protecting against internet protocol (IP) address spoofing attacks. Zephyr OS is a popular real-time operating system used in connected, resource-constrained systems like Internet of Things and embedded devices. It is highly customizable and supports multiple architectures, systems-on-a-chip, and boards, making it useful for a wide range of applications.

Read Post

Synopsys

Read more about CyRC Vulnerability Advisory: CVE-2023-7060 Missing Security Control in Zephyr OS IP Packet Handling

Getting started with PHP static analysis in 2024

Mar 21, 2024 By Liran Tal In Snyk

PHP is a popular server-side scripting language that is widely used for web development. PHP developers can ship and deploy more high-quality software products by leveraging static analysis tools that help mitigate PHP code errors, security vulnerabilities, and other issues that can impact the quality and security of the application if not addressed early in the development cycle.

Read Post

Snyk

Read more about Getting started with PHP static analysis in 2024

Navigating Zero-day Vulnerabilities: 7 Proactive Steps for Rapid Response

Mar 20, 2024 By Tally Netzer In IONIX

Zero-day vulnerabilities require an emergency response, disrupting proactive security initiatives and placing additional pressure on security teams. Despite not being the primary focus of their daily responsibilities, zero-days, especially those exploited in the wild, capture significant media attention. This often results in managers, executives, and even board members seeking immediate information about the company’s exposure to the latest threats.

Read Post

IONIX

Read more about Navigating Zero-day Vulnerabilities: 7 Proactive Steps for Rapid Response

15 Critical KPIs to Assess Vulnerability Management

Mar 20, 2024 By Vinugayathri Chinnasamy In Indusface

Vulnerability management isn’t just about identifying weaknesses; it’s about effectively addressing them. How do you know if you’re on the right track? Are you effectively addressing vulnerabilities and minimizing risks? To answer these questions, you need more than just a list of potential metrics – you need clarity on what truly matters.

Read Post

Indusface

Read more about 15 Critical KPIs to Assess Vulnerability Management

Fixer-Upper Wisdom: Nailing Down CVSS Vector String, EPSS and CISA-KEV

Mar 20, 2024 By Chris Rodgers In Seemplicity

The Common Vulnerability Scoring System (CVSS) is a pivotal tool in the field of cybersecurity that helps determine the severity of software vulnerabilities. There are few people who haven’t heard of this scoring system, however, there are many who only know it as a scoring model versus an actual vulnerability matrix that offers a consistent framework for communicating the traits and effects of different vulnerabilities.

Read Post

Seemplicity

Read more about Fixer-Upper Wisdom: Nailing Down CVSS Vector String, EPSS and CISA-KEV

Snyk's AppSec dream team

Mar 19, 2024 By Krysta Williams-Timm In Snyk

With springtime just around the corner, there’s a lot to be excited about — warmer weather, longer days, and, most importantly, basketball! In honor of the upcoming March Madness tournament, we’ve put together our own dream team for AppSec. Read on to discover the all-star features in application security this year and how they can help your team get a slam dunk in protecting applications from code to cloud.

Read Post

Snyk

Read more about Snyk's AppSec dream team

Threat Context Monthly: Executive intelligence briefing for March 2024

Mar 18, 2024 By KrakenLabs In Outpost 24

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news, and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team.

Read Post

Outpost 24

Read more about Threat Context Monthly: Executive intelligence briefing for March 2024

How Nucleus Security Streamlines Vulnerability Management for Government Agencies

Mar 18, 2024 By Dani Woolf In Nucleus

Nucleus Security is proud to announce its recent achievement of Federal Risk and Authorization Management Program (FedRAMP®) authorization at impact level Moderate, making it the go-to choice for government agencies seeking top-tier vulnerability management solutions.

Read Post

Nucleus

Read more about How Nucleus Security Streamlines Vulnerability Management for Government Agencies

GoTestWAF - Quick start with Docker and PDF report

Mar 16, 2024 By Wallarm In Wallarm

GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and others. It was designed to evaluate web application security solutions, such as API security proxies, Web Application Firewalls, IPS, API gateways, and others.

View Video

Wallarm

Read more about GoTestWAF - Quick start with Docker and PDF report

ASPM Best Practices for Secure Success

Mar 14, 2024 By Jessica Amado In Seemplicity

The days where applications were monoliths built of proprietary code, and releases were set quarterly are no more. Instead, they have been replaced by fast paced development sprints, with software created using plenty of code from open-source repositories. The growing complexities of software development and the associated risks have far exceeded the abilities of traditional application security.

Read Post

Seemplicity

Read more about ASPM Best Practices for Secure Success

Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data

Mar 13, 2024 By Aviad Carmel In Salt Security

Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.

Read Post

Salt Security

Read more about Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data

Nine IT shortcuts that could cost you millions

Mar 13, 2024 By Marcus White In Outpost 24

Finding savings and efficiencies is part of an IT leader’s role. But sacrificing security for the sake of convenience is almost always asking for trouble later down the line. There are IT security shortcuts that might be well-intentioned and seem sensible at the time, that could have serious and unintended negative consequences. We’ll run through nine common IT security shortcuts that can end up costing organizations millions.

Read Post

Outpost 24

Read more about Nine IT shortcuts that could cost you millions

How to use Vanta and AWS to manage vulnerabilities

Mar 13, 2024 By Vanta In Vanta

This blog is part of a series about how to use Vanta and AWS to simplify your organization’s cloud security. To learn more about how to use Vanta and AWS, watch our Coffee and Compliance on-demand webinar. ‍ Amazon Web Services, or AWS, is one of the most popular cloud providers for organizations today — providing one of the most flexible and secure cloud environments available.

Read Post

Vanta

Read more about How to use Vanta and AWS to manage vulnerabilities

Snyk users don't have to worry about NVD delays

Mar 13, 2024 By Hadas Bloom In Snyk

You may have encountered recent discussions and the official notice from NVD (National Vulnerability Database) regarding delays in their analysis process. This message was posted on the February 13: We want to assure you that these delays do not compromise the integrity or efficacy of Snyk's security intelligence, including the Snyk Vulnerability Database.

Read Post

Snyk

Read more about Snyk users don't have to worry about NVD delays

OWASP Top 10 with OPA/Styra

Mar 12, 2024 By Tim Hinrichs In Styra

Among other things, the OWASP organization delivers reports on the Top 10 most prevalent and important security risks for web-based software development. In 2019 they started reporting on the Top 10 API Security risks and refreshed that list in 2023. In this blog we describe how OPA/Styra can help with 9 of the 10 risks, and for each one we rate how impactful OPA/Styra is: Below we detail each of these 10 risks and briefly how to address them with OPA and Styra.

Read Post

Styra

Read more about OWASP Top 10 with OPA/Styra

GitHub "besieged" by malware repositories and repo confusion: Why you'll be ok

Mar 12, 2024 By Liran Tal In Snyk

As open source software development continues to evolve, so does its susceptibility to cybersecurity threats. One such instance is the recent discovery of malware repositories on GitHub. In this cybersecurity attack, threat actors managed to upload malicious code onto GitHub, a platform that hosts millions of code repositories and is used by developers worldwide.

Read Post

Snyk

Read more about GitHub "besieged" by malware repositories and repo confusion: Why you'll be ok

Sysdig integration with Backstage

Mar 11, 2024 By Joseph Yostos In Sysdig

Developers are frequently tasked with working with multiple tools in the cloud-native era. Each of these tools plays a crucial role in the application life cycle, from development to deployment and operations. However, the sheer variety and diversity of these tools can increase the likelihood of errors or the accidental inclusion of critical vulnerabilities and misconfigurations.

Read Post

Sysdig

Read more about Sysdig integration with Backstage

OWASP Top 10 for LLM Applications - Critical Vulnerabilities and Risk Mitigation

Mar 11, 2024 By Vinugayathri Chinnasamy In Indusface

GPT’s debut created a buzz, democratizing AI beyond tech circles. While its language expertise offers practical applications, security threats like malware and data leaks pose challenges. Organizations must carefully assess and balance the benefits against these security risks. Ensuring your safety while maximizing the benefits of Large Language Models(LLMs) like ChatGPT involves implementing practical actions and preparing for current and future security challenges.

Read Post

Indusface

Read more about OWASP Top 10 for LLM Applications - Critical Vulnerabilities and Risk Mitigation

JetBrains TeamCity Vulnerabilities (CVE-2024-27198 and CVE-2024-27199) Exploited

Mar 11, 2024 By Kroll In Kroll

Two critical vulnerabilities have been discovered and patched in TeamCity, a build management and continuous integration server from JetBrains. These vulnerabilities are being tracked as CVE-2024-27198 and CVE-2024-27199 and impact all TeamCity On-Premises versions through 2023.11.3. They are reportedly being actively exploited as of March 6, 2024, with a fix is available in version 2023.11.4, which was released Monday, March 4.

Read Post

Kroll

Read more about JetBrains TeamCity Vulnerabilities (CVE-2024-27198 and CVE-2024-27199) Exploited

2024-27198 and CVE-2024-27199: Authentication Bypass RCE Vulnerabilities Affecting On-Premises Servers of TeamCity

Mar 11, 2024 By Andres Ramos In Arctic Wolf

On March 3, 2024, JetBrains published a blog post describing two authentication bypass vulnerabilities affecting the On-Premises Servers of TeamCity. An unauthenticated threat actor with HTTP(S) access to a TeamCity Server can exploit these vulnerabilities to bypass authentication and gain administrative control of a TeamCity Server. CVE-2024-27198 (CVSS 9.8): Alternative path issue in the web component of TeamCity that can lead to remote code execution (RCE). CVE-2024-27199 (CVSS 7.3)

Read Post

Arctic Wolf

Read more about 2024-27198 and CVE-2024-27199: Authentication Bypass RCE Vulnerabilities Affecting On-Premises Servers of TeamCity

CVE-2024-0692: High Severity Remote Code Execution Vulnerability Affecting SolarWinds Security Event Manager

Mar 11, 2024 By Andres Ramos In Arctic Wolf

On March 1, 2024, SolarWinds published a security advisory reporting that SolarWinds Security Event Manager (SEM) is vulnerable to a high severity vulnerability that allows an unauthenticated threat actor to achieve remote code execution (RCE), CVE-2024-0692. The vulnerability lies in the configuration of the AMF deserialization endpoints. Exploitation can occur due to insufficient validation of user-provided data, allowing untrusted data to be deserialized.

Read Post

Arctic Wolf

Read more about CVE-2024-0692: High Severity Remote Code Execution Vulnerability Affecting SolarWinds Security Event Manager

Significant changes to attack surface overview and many new tests

Mar 8, 2024 By Victor Arellano In Detectify

The new attack surface overview puts the changes and potential risky exposures to your attack surface front and center. But that’s not all we’ve shipped in February. We’ve improved our Azure domain connector, simplifying onboarding for those users, and sent dozens of new vulnerability tests, such as CVE-2024-27199: TeamCity Authentication Bypass and CVE-2024-21893: Ivanti Connect Secure, Policy Secure SSRF.

Read Post

Detectify

Read more about Significant changes to attack surface overview and many new tests

Hunting Exploitation of SmartScreen and Streaming Service CVEs | Threat SnapShot

Mar 8, 2024 By SnapAttack In SnapAttack

Let's face it - if patch management was a silver bullet then we wouldn't need vulnerability management, and threat actors know this. Vulnerabilities get picked up by threat actors and exploited as 1-days. In this week's Threat SnapShot, we'll look at a few recent Windows vulnerabilities that have been added to the CISA Known Exploited Vulnerability catalog and are actively used by threat actors like Water Hydra and Raspberry Robin. The first, a SmartScreen bypass (CVE-2023-36025 and CVE-2024-21412), allows code execution through crafted short links.

View Video

SnapAttack

Read more about Hunting Exploitation of SmartScreen and Streaming Service CVEs | Threat SnapShot

Security Insights: JetBrains TeamCity CVE-2024-27198 and CVE-2024-27199

Mar 7, 2024 By Splunk Threat Research Team In Splunk

Two critical vulnerabilities have been exposed in JetBrains TeamCity On-Premises versions up to 2023.11.3. Identified by Rapid7’s vulnerability research team in February 2024, CVE-2024-27198 and CVE-2024-27199 pose a significant threat, enabling unauthenticated attackers to potentially gain administrative control or execute code remotely on affected TeamCity servers.

Read Post

Splunk

Read more about Security Insights: JetBrains TeamCity CVE-2024-27198 and CVE-2024-27199

Understand Security Misconfiguration | OWASP Top 10

Mar 7, 2024 By VISTA InfoSec In VISTA InfoSec

🔒 Unlocking Secure Software: Understanding Security Misconfiguration 🔒 In this OWASP Top 10 video, we delve into the critical topic of Security Misconfiguration (A05). 🛡️ Security Misconfiguration poses a significant risk in the OWASP Top 10. It occurs when applications or systems are configured with errors, leaving them vulnerable to exploitation by malicious actors. Whether it’s unchanged default settings or outdated software, these misconfigurations can have dire consequences.

View Video

VISTA InfoSec

Read more about Understand Security Misconfiguration | OWASP Top 10

Understanding the RSA-based Marvin Attack

Mar 7, 2024 By Vandana Verma Sehgal In Snyk

The Marvin Attack, named after the vulnerability it exploits, poses a significant threat to systems relying on RSA encryption and signing operations. It's a variation of the Bleichenbacher attack, which exploits errors in PKCS #1 v1.5 padding to perform adaptive-chosen ciphertext attacks. The attack leverages timing information obtained from RSA encryption or signing operations.

Read Post

Snyk

Read more about Understanding the RSA-based Marvin Attack

Apache Superset - Database Data Retrieval Through Improper Error Handling

Mar 6, 2024 By Anastasios Stasinopoulos In Obrela

Anastasios Stasinopoulos from OBRELA LABS Team discovered a security flaw that affects Apache Superset (before 3.0.4, from 3.1.0 before 3.1.1), an open-source modern data exploration and visualization platform. Apache Superset error handling can be manipulated in order to allow data retrieval from the backend database.

Read Post

Obrela

Read more about Apache Superset - Database Data Retrieval Through Improper Error Handling

Snyk Learn and the NIST Cybersecurity Framework (CSF)

Mar 6, 2024 By Michael Biocchi In Snyk

NIST (National Institute of Standards and Technology) recently released its revamped cybersecurity framework (CSF), aptly called NIST CSF 2.0. The CSF previously had five functions: Identify, Protect, Detect, Respond, and Recover. With 2.0, there is now a sixth: Govern. While Snyk plays an important role in application security and governance, in this blog, we're going to look at the function Snyk Learn plays in CSF 2.0: Protect.

Read Post

Snyk

Read more about Snyk Learn and the NIST Cybersecurity Framework (CSF)

AppSec Decoded: Software Vulnerability Snapshot highlights severe vulnerabilities on the rise

Mar 5, 2024 By Synopsys In Synopsys

Learn about the latest findings from the Software Vulnerability Snapshot report.

View Video

Synopsys

Read more about AppSec Decoded: Software Vulnerability Snapshot highlights severe vulnerabilities on the rise

AppSec Decoded: Software Vulnerability Snapshot takeaways

Mar 5, 2024 By Synopsys In Synopsys

The Software Vulnerability Snapshot explains why a full spectrum of AppSec testing is essential to managing software risk.

View Video

Synopsys

Read more about AppSec Decoded: Software Vulnerability Snapshot takeaways

TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant

Mar 5, 2024 By Kroll In Kroll

The Kroll CTI team observed a campaign using a new malware that appears to be very similar to BABYSHARK, previously reported to have been developed and used by the APT group Kimsuky (KTA082). The malware was deployed as part of an attempted compromise that was detected and stopped by the Kroll Responder team. The activity started with exploitation of a recently addressed authentication bypass in the remote desktop software ScreenConnect, developed by ConnectWise.

Read Post

Kroll

Read more about TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant

5 security best practices for adopting generative AI code assistants like GitHub Copilot

Mar 5, 2024 By Liqian Lim () In Snyk

Not that long ago, AI was generally seen as a futuristic idea that seemed like something out of a sci-fi film. Movies like Her and Ex Machina even warned us that AI could be a Pandora's box that, once opened, could have unexpected outcomes. How things have changed since then, thanks in large part to ChatGPT’s accessibility and adoption!

Read Post

Snyk

Read more about 5 security best practices for adopting generative AI code assistants like GitHub Copilot

Unlocking admin privileges via application-wide XSS delivery

Mar 4, 2024 By Peter Kantomaa In Outpost 24

During a recent customer assessment, our pen testers discovered a critical vulnerability that exemplifies the importance of manual and continuous pen testing. The issue involved a feature intended for administrators, allowing them to send messages to a “broadcast” endpoint, which would then be displayed in a modal pop-up box for all logged-in users of the web application. However, our pen testers found that this functionality was accessible to any user, regardless of their role.

Read Post

Outpost 24

Read more about Unlocking admin privileges via application-wide XSS delivery

Addressing the active exploitation of Ivanti VPN vulnerabilities (urgent advisory)

Mar 1, 2024 By Victor Acin In Outpost 24

A recent advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) has shed light on vulnerabilities in Ivanti VPNs that are currently being actively exploited by malicious actors. Ivanti VPN solutions, widely utilized for their robust security features and efficient network management capabilities, have recently been identified as containing critical vulnerabilities.

Read Post

Outpost 24

Read more about Addressing the active exploitation of Ivanti VPN vulnerabilities (urgent advisory)

CVE-2024-1071 - Critical Vulnerability in Ultimate Member WordPress Plugin

Mar 1, 2024 By Deepak Kumar Choudhary In Indusface

A critical security flaw, known as CVE-2024-1071, has been found in the Ultimate Member plugin for WordPress. This vulnerability, with a CVSS score of 9.8, poses a significant risk to over 200,000 active installations. It potentially enables attackers to extract sensitive data from compromised databases, presenting a severe threat to website security.

Read Post

Indusface

Read more about CVE-2024-1071 - Critical Vulnerability in Ultimate Member WordPress Plugin

When Patch Tuesday becomes Patch Monday - Friday

Mar 1, 2024 By Vadim Freger In Cato Networks

If you’re an administrator running Ivanti VPN (Connect Secure and Policy Secure) appliances in your network, then the past two months have likely made you wish you weren’t. In a relatively short timeframe bad news kept piling up for Ivanti Connect Secure VPN customers, starting on Jan. 10th, 2024, when critical and high severity vulnerabilities, CVE-2024-21887 and CVE-2023-46805 respectively, were disclosed by Ivanti impacting all supported versions of the product.

Read Post

Cato Networks

Read more about When Patch Tuesday becomes Patch Monday - Friday

SafeBreach Coverage for AA24-060A (Phobos Ransomware) and AA24-060B (Ivanti Connect Secure)

Mar 1, 2024 By Kaustubh Jagtap In SafeBreach

On February 29th, the Cybersecurity and Infrastructure Security Agency (CISA) issued two separate advisories related to malicious behavior exhibited by threat actors. The first advisory AA24-060A pertains to Phobos Ransomware and the second advisory AA24-060B pertains to the exploitation of vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways.

Read Post