Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 2024

ionix

Preventing Magecart Attacks Through Supply Chain Vulnerabilities

Apr 30, 2024 By Nethanel Gelernter In IONIX
The digital supply chain refers to the chain of third-party digital tools, services and infrastructure that is depended on for a particular first-party service (such as your website or SaaS platform). In an ever-changing digital landscape, supply chains can be brittle with many unseen risks. The nature of supply chain risk is transitive; any part of the often long and complicated digital supply chain can be compromised, causing all components downstream of it to also be compromised.
Read Post
datadog

Detect vulnerabilities in minutes with Agentless Scanning for Cloud Security Management

Apr 30, 2024 By Pronoy Chaudhuri In Datadog
Security teams require complete visibility into their hosts, containers, and functions in order to detect, prioritize, and remediate their most pressing security risks. The Datadog Agent helps you achieve this visibility by collecting deep insights in your environment through logs, distributed traces, infrastructure metrics, and other key telemetry.
Read Post
Snyk

How Mulesoft fosters a developer-first, shift-left culture with Snyk

Apr 30, 2024 By Gerald Crescione In Snyk
While shifting security left has been a hot topic for around a decade, many organizations still face issues trying to make it a reality. There are many misconceptions about what shift left means and what it looks like for development teams to take ownership of security without derailing their existing workflows.
Read Post
Snyk

Snyk CLI: Introducing Semantic Versioning and release channels

Apr 30, 2024 By Chintan B. In Snyk
We are pleased to introduce Semantic Versioning and release channels to Snyk CLI from v.1.1291.0 onwards. In this blog post, we will share why we are introducing these changes, what problems these changes solve for our customers, and how our customers can opt-in according to their needs.
Read Post
Arctic Wolf

Understanding Risk-Based Vulnerability Management

Apr 29, 2024 By Arctic Wolf In Arctic Wolf
In 2023, a quarter (25.6%) of incidents originated with a known vulnerability, according to the Arctic Wolf Labs 2024 Threat Report. And while zero-day vulnerabilities only accounted for a tiny percentage of incidents in 2023, two of them — the MOVEit Transfer Vulnerability and the GoAnywhereMFT Vulnerability — wreaked havoc around the globe.
Read Post
Arctic Wolf

CVE-2024-20353 and CVE-2024-20359: Cisco ASA and FTD Vulnerabilities Exploited by State-Sponsored Threat Actor in Espionage Campaign "ArcaneDoor"

Apr 29, 2024 By Andres Ramos In Arctic Wolf
On April 24, 2024, Cisco Talos and several government security agencies published details on a sophisticated threat campaign focused on espionage and gaining unauthorized access to sensitive information from targeted government entities and organizations in critical infrastructure. As part of that publication, Cisco disclosed CVE-2024-20353 and CVE-2024-20359, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, which were actively exploited in the documented campaign.
Read Post
jit

When and How to Use Trivy to Scan Containers for Vulnerabilities

Apr 29, 2024 By Liron Biam In Jit
Containers are integral to modern application development portability, resource efficiency, and ease of deployment. But there is a flip side to these benefits. Unlike traditional applications, containers bundle everything needed to run, making them a scattered setup for hidden security issues. 54% of container images in Docker Hub were found to contain sensitive information that could lead to unauthorized access, data breaches, or identity theft.
Read Post
bluevoyant

Enhancing Cybersecurity with BlueVoyant's AI Technology for Emerging Vulnerabilities

Apr 29, 2024 By George Aquila In BlueVoyant
After a new zero-day vulnerability is announced, the National Vulnerability Database (NVD) publishes a measure of its severity under the Common Vulnerability Scoring System (CVSS). CVSS scores are a crucial tool for organizations as they give an approximation of the severity of disclosed vulnerabilities.
Read Post
Arctic Wolf

Critical Authentication Bypass Vulnerability in Delinea Secret Server Disclosed Along With PoC

Apr 28, 2024 By Andres Ramos In Arctic Wolf
On April 12, 2024, Delinea issued an advisory to address a critical authentication bypass vulnerability identified in the SOAP API component of its Secret Server product, available in both Cloud and On-Premises solutions. A threat actor could exploit this vulnerability to bypass authentication, gain administrative access, and extract sensitive information.
Read Post
Featured Post
ThreatQuotient

How threat intelligence can improve vulnerability management outcomes

Apr 27, 2024 By Chris Jacob, Global Vice President, Threat Intelligence Engineers In ThreatQuotient
It might surprise you to know that more than 70 new vulnerabilities are published every day. And despite their risk-reducing value in helping SOC teams address these, vulnerability management solutions have drawbacks. Often, they only provide a snapshot of an organization's vulnerabilities at a point in time. In fact, owing to their nature, vulnerabilities identified today may not exist tomorrow, or they may appear and disappear intermittently. This leaves security teams scrambling to understand not only what the risk is, but how it affects them and where they should start first with any remediation.
Read Post
Arctic Wolf

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche

Apr 26, 2024 By Andres Ramos In Arctic Wolf
On April 16, 2024, Ivanti disclosed two critical vulnerabilities within its Avalanche Mobile Device Management (MDM) solution. These vulnerabilities, identified as CVE-2024-29204 and CVE-2024-24996, are heap overflow issues in the WLInfoRailService and WLAvalancheService components, respectively. Both vulnerabilities have been assigned a CVSS score of 9.8, indicating their critical nature due to the potential for unauthenticated Remote Code Execution (RCE) in low-complexity attacks.
Read Post

Hunting the XZ Backdoor (CVE-2024-3094) | Threat SnapShot

Apr 26, 2024 By SnapAttack In SnapAttack
Welcome back to another episode of SnapAttack's Threat SnapShot! I’m AJ King, the Director of Threat Research here at SnapAttack. In today’s episode, I dive into detecting the XZ Backdoor, CVE-2024-3094, a sophisticated supply chain attack that could have had a massive impact on many Linux distributions.
View Video
salt security

Salt Security Addresses Critical OAuth Vulnerabilities Enhancing API Security with OAuth Protection Package

Apr 25, 2024 By Eric Schwake In Salt Security
OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. Following research released by Salt labs that uncovered critical vulnerabilities in the world's most popular authorization mechanism, Salt has released a multi-layered protection package to detect attempts to exploit OAuth and proactively fix the vulnerabilities.
Read Post
coralogix

Palo Alto Global Protect Command Injection Vulnerability

Apr 25, 2024 By Hetram Yadav and Aseem Rastogi In Coralogix
On April 12, 2024, Palo Alto disclosed a critical vulnerability identified as CVE-2024-3400 in its PAN OS operating system, which carries the highest severity rating of 10.0 on the CVSS scale. This vulnerability, present in certain versions of Palo Alto Networks’ PAN-OS within the GlobalProtect feature, allows unauthenticated attackers to execute any code with root privileges on the firewall through command injection.
Read Post
mend

Quick Guide to the OWASP OSS Risk Top 10

Apr 25, 2024 By AJ Starita In Mend
CVEs, or known and cataloged software vulnerabilities, dominate the discussion about open source software (OSS) risk. In 2016, 6,457 CVEs were reported. That number has grown every year since, reaching 28,961 CVEs reported in 2023—an increase of nearly 4.5 times in just seven years. 2024 is already on track to beat 2023, and we will likely see even faster growth once AI is earnestly set to the task of finding vulnerabilities (not to mention creating them).
Read Post
bluevoyant

Identify, Respond, & Protect - Defending yourself from the newly disclosed Palo Alto PAN-OS CVE

Apr 25, 2024 By Joel Molinoff In BlueVoyant
On April 12th, Palo Alto disclosed a vulnerability with a maximum severity rating for the PAN-OS Global Protect Gateway. There was clear evidence that the vulnerability was being actively exploited as early as March 26th. When exploited, this vulnerability enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Palo Alto expected patches to be released for tested mitigations to block known attacks on April 14th.
Read Post
jit

Vulnerability Assessments vs. Penetration Testing: Key Differences

Apr 24, 2024 By Moshiko Lev In Jit
In the race for technological innovation, companies often sprint toward product launches but find themselves in a marathon when fixing vulnerabilities. This dichotomy poses a significant challenge, especially with the ever-increasing security loopholes. CISA recommends addressing critical issues in less than 15 days, but it may be wishful thinking. IT teams are inundated with an ever-increasing volume of security alerts, making it challenging to prioritize and address each one effectively.
Read Post
Snyk

360 degrees of application security with Snyk

Apr 24, 2024 By Soumen Mukherjee In Snyk
Application development is a multistage process. The App goes through various stages, each with its own area of focus. However, application security, a.k.a. AppSec, is constant throughout all the stages. For example, when a developer codes, it’s expected that the code will be secure. Similarly, the artifacts that are worked upon or generated as an end output of the respective stages are all required to be secure.
Read Post
indusface

Top 10 Best Practices for Attack Surface Reduction

Apr 24, 2024 By Vinugayathri Chinnasamy In Indusface
Vulnerabilities are everywhere and often exploited. For example, in 2023, over 29,000 critical and high vulnerabilities were discovered across approximately 1,400 applications. The dynamic and evolving attack surfaces make it harder to protect against these threats. When the attack surface gets bigger, so does the risk of cyber attacks. This blog delves into what an attack surface is and recommends best practices in attack surface reduction.
Read Post

Vulnerability Management Benchmarking: Metrics and Practices of Highly Effective Organizations

Apr 24, 2024 By Nucleus In Nucleus
This webinar dives deep into vulnerability management metrics, the challenges of maintaining cloud and ephemeral assets, and the discrepancies in vulnerability management across different organizations. Join us as we unravel the nuances of MTTR (Mean Time to Remediate), SLA (Service Level Agreements), and how high-performing organizations manage cybersecurity threats more efficiently. Don't miss this discussions on the role of data democratization in cybersecurity and how organizations can transition from reactive to proactive vulnerability management, no mature your VM maturity.
View Video
Snyk

Snyk Code's autofixing feature, DeepCode AI Fix, just got better

Apr 23, 2024 By Liqian Lim () In Snyk
DeepCode AI Fix is an AI-powered feature that provides one-click, security-checked fixes within Snyk Code, a developer-focused, real-time SAST tool. Amongst the first semi-automated, in-IDE security fix features on the market, DeepCode AI Fix’s public beta was announced as part of Snyk Launch in April 2023. It delivered fixes to security issues detected by Snyk Code in real-time, in-line, and within the IDE.
Read Post
kroll

CVE-2024-3400: Zero-Day Remote Code Execution Vulnerability Exploited to Attack PAN-OS

Apr 23, 2024 By Kroll In Kroll
A command injection vulnerability, being tracked as CVE-2024-3400, was recently discovered in the GlobalProtect feature of Palo Alto Networks PAN-OS software. This vulnerability has a CVSS score of 10 (Critical) and is actively being exploited in the wild. It impacts versions PAN-OS 120.2, PAN-OS 11.0 and PAN-OS 11.1. If exploited on vulnerable PAN-OS versions and distinct feature configurations, an unauthenticated attacker could execute arbitrary code with root privileges on the firewall.
Read Post
outpost 24

Outpost24 Enhances Attack Surface Management with Manual Rescanning

Apr 22, 2024 By Outpost 24 In Outpost 24
Philadelphia, PA, 22nd April – Outpost24, a leading provider of cyber threat exposure management solutions, is pleased to announce the addition of manual asset rescans to its External Attack Surface Management (EASM) platform. This enhancement enables EASM customers to re-check the status of recently updated assets, providing flexibility around asset management tasks outside of automated and continuous scanning.
Read Post

Why you NEED an Open Source Vulnerability Scanner

Apr 22, 2024 By Snyk In Snyk
Here are 7 reasons why you need an open source vulnerability scanner. ✍️ Resources ✍️ ⏲️ Chapters ⏲️ ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
View Video
appknox

A Complete Overview of OWASP Mobile Top 10 2024 (+ A Free Checklist)

Apr 20, 2024 By Raghunandan J In Appknox
31% of executives cite improper risk identification as their organizations’ top cybersecurity challenge. Reacting only to attacks leads to an average 118-day breach detection time, which can significantly impact business. Staying informed about cybersecurity risks is crucial. OWASP offers a list of common threats for testers, but some find them insufficient due to its crowdsourced nature.
Read Post
appknox

Built for Mobiles: Why Choose a Mobile-First Vulnerability Assessment Tool?

Apr 20, 2024 By Raghunandan J In Appknox
Security teams spend an average of 130 hours per week monitoring and tracking threats. 43% of cyber attacks are aimed at small businesses, while only 14% are prepared to defend themselves. Companies with more than 10,000 employees have the most critical-severity vulnerabilities. A vulnerability is an exploitable gap in your application's security. As your threat landscape increases, the attack surface and the number of vulnerabilities might also increase.
Read Post
indusface

Leveraging Risk-Based Vulnerability Management with AcuRisQ

Apr 19, 2024 By Gaurav Chauhan In Indusface
Maintaining an inventory of assets (websites, APIs and other applications) is a good start. However, when each of these websites have tens of open vulnerabilities, the sheer volume overwhelms you, leading to alert fatigue. Then, how do you decide where to begin? Enter Indusface AcuRisQ, the solution to your prioritization dilemma.
Read Post
kroll

Akira Ransomware Makes a Play for VPNs Without Multi-Factor Authentication

Apr 19, 2024 By Kroll In Kroll
Learn about careers with us and search open job opportunities here. In Q4 2023, Kroll identified an uptick in engagements involving Akira ransomware, a trend that has continued into 2024. Kroll observed that in the majority of cases, initial activity could be tracked back to a Cisco ASA VPN service.
Read Post
datadog

Prioritize vulnerability remediation with Datadog SCA

Apr 19, 2024 By David Lentz In Datadog
Software Composition Analysis (SCA) is the practice of identifying the open source libraries your code depends on. By using SCA, you can analyze these dependencies and determine whether they are affected by any known vulnerabilities, contain malicious code, introduce licensing risk, or are poorly maintained. SCA helps teams understand their software’s dependencies and the security implications of using them so that they can safely build on and innovate with open source code.
Read Post
panoptica

Discover your exposure to the XZ Utilities backdoor in 10 seconds or less

Apr 19, 2024 By Tim Miller In Panoptica
When high profile security events happen, it is essential for you and your team to have the information you require right at your fingertips. Using Panoptica’s powerful graph database and easy to use query engine, you are easily able to discover all the assets in all your cloud environments that could have compromised software installed.
Read Post
centripetal

PuTTY Vulnerability: CVE-2024-31497

Apr 19, 2024 By Lauren Farrell In Centripetal
On April 15th, Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum disclosed that PuTTY had a vulnerability that can allow an attacker to compromise private keys, then forge signatures, and log into any remote servers on which those keys are used. PuTTY is a free and open-source terminal emulator, serial console and network file transfer application that supports several network protocols, including SCP, SSH, Telnet, rlogin, serial port and raw socket connections.
Read Post
jit

The 2024 In-Depth Guide to OWASP Top 10 Vulnerabilities & How to Prevent Them

Apr 19, 2024 By Shlomi Kushchi In Jit
The OWASP Top 10 list is the go-to resource to begin understand application security risk for software developers and information security professionals. Most of us don't know we're harboring vulnerabilities in plain sight. During 2020 and 2021, there were an average of 15 vulnerabilities per site, and two out of these fifteen vulnerabilities were of high severity. ‍To protect against vulnerabilities, you first need to be aware of them. That’s where the OWASP Top 10 list comes in handy.
Read Post
mend

What Makes Containers Vulnerable?

Apr 18, 2024 By AJ Starita In Mend
When looking for sensitive information and other valuable assets, attackers rarely access their target directly. Instead, they find vulnerabilities in other components and use them to weave through the system and escalate privileges where they can. Because containers add a layer of complexity to already large and complex applications, the attack surface is increased, giving threat actors more to work with.
Read Post
Razorthorn

Wake Up Call: XZ Utils Breach Demands Open Source Security Reform

Apr 18, 2024 By Michael Aguilera In Razorthorn
In late March 2024, the cybersecurity community was shaken by the revelation of a critical vulnerability in XZ Utils, a popular open source compression tool integral to many Linux systems. The discovery was made by Andres Freund, a developer at Microsoft, who reported that versions 5.6.0 and 5.6.1 had a backdoor that could potentially allow unauthorised remote code execution.
Read Post
Snyk

Responsibilities of a modern CISO

Apr 18, 2024 By Vandana Verma Sehgal In Snyk
The role of a Chief Information Security Officer (CISO) is critical in an interconnected business environment. A modern CISO will ensure that their organization is well-prepared to handle the myriad of cybersecurity challenges it faces. It is multifaceted, extending beyond traditional IT security to encompass various responsibilities to protect an organization's information assets.
Read Post
jit

Unzipping the XZ Backdoor and Its Lessons for Open Source

Apr 18, 2024 By David Melamed In Jit
By now, you have probably heard about the recently discovered backdoor into versions 5.6.0 and 5.6.1 of the tarballs of the xz utilities, a popular compression/decompression library for xz files, which provides unauthorized remote access under certain conditions. This vulnerability was reported under CVE-2024-3094. Andres Freund, of Microsoft, who discovered the vulnerability, summarized it well.
Read Post
outpost 24

Hunting 'unknown-unknowns' in your attack surface

Apr 17, 2024 By Marcus White In Outpost 24
Ever lost sleep over possible hidden attack routes lurking in your organization’s attack surface? You’re not alone. The concept of ‘unknown-unknowns’ is a recurring nightmare for many IT professionals – but there are ways to mitigate the risks. We’ll explore the problem of unknown-unknowns and provide some practical strategies to help your organization uncover these hidden threats.
Read Post
Snyk

An investigation into code injection vulnerabilities caused by generative AI

Apr 16, 2024 By Jack Hair In Snyk
Generative AI is an exciting technology that is now easily available through cloud APIs provided by companies such as Google and OpenAI. While it’s a powerful tool, the use of generative AI within code opens up additional security considerations that developers must take into account to ensure that their applications remain secure. In this article, we look at the potential security implications of large language models (LLMs), a text-producing form of generative AI.
Read Post
cyberint

New Vulnerability in R's Deserialization Discovered

Apr 16, 2024 By Adi Bleih In Cyberint
Security researchers have identified a vulnerability, CVE-2024-27322, in the R programming language that permits arbitrary code execution by deserializing untrusted data. This flaw can be exploited when loading RDS (R Data Serialization) files or packages, which are commonly shared among developers and data scientists. An attacker can craft malicious RDS files or packages containing embedded arbitrary R code, triggering execution on the victim’s device upon interaction.
Read Post
cycognito

Emerging Security Issue: Palo Alto Networks GlobalProtect PAN-OS Software CVE-2024-3400

Apr 16, 2024 By Emma Zaballos In CyCognito
While Palo Alto Networks has not released patches for all affected versions, CyCognito has conducted active tests across all customer realms and 97.5% of CyCognito customers’ affected devices are no longer exploitable.
Read Post
appsentinels

How AppSentinels aligns with Gartner API Security Recommendations

Apr 16, 2024 By AppSentinels In AppSentinels
The Gartner research paper “What You Need to Do to Protect Your APIs” outlines key requirements for bolstering API security measures. In this blog post, we’ll delve deeper into these requirements as introduced by Gartner, explain their significance, and demonstrate how AppSentinels offers comprehensive solutions for each requirement. As per Gartner, the second step is to assess the security of these APIs.
Read Post

How to choose the Best Node.js Docker Image

Apr 15, 2024 By Snyk In Snyk
Today we walk through the best options for your Node.js Docker Image, how to avoid common pitfalls and mistakes, and the best ways to strengthen the security of your projects effectively. ⏲️ Chapters ⏲️ ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
View Video
Arctic Wolf

CVE-2024-3400: Critical Vulnerability in GlobalProtect Feature of PAN-OS being Actively Exploited

Apr 15, 2024 By Andres Ramos In Arctic Wolf
On April 12, 2024, Palo Alto Networks published a security advisory detailing an actively exploited maximum severity vulnerability (CVE-2024-3400, CVSS: 10.0) affecting the GlobalProtect feature of PAN-OS. This vulnerability affects PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls when configurations for both GlobalProtect gateway and device telemetry are enabled. An unauthenticated remote threat actor can exploit this vulnerability to execute arbitrary code with root privileges on the firewall.
Read Post
Arctic Wolf

CVE-2024-3400: Follow Up: Patches Released for Actively Exploited Critical Vulnerability in GlobalProtect Feature of PAN-OS

Apr 15, 2024 By Andres Ramos In Arctic Wolf
On April 14, 2024, Palo Alto Networks (PAN) released hotfixes to address the maximum severity (CVSS: 10) vulnerability, CVE-2024-3400, affecting the GlobalProtect Feature of PAN-OS. An unauthenticated remote threat actor can exploit this vulnerability to execute arbitrary code with root privileges on the firewall. Volexity identified CVE-2024-3400 as a zero-day vulnerability and found that the threat actor UTA0218 was implanting a custom Python backdoor on firewall devices.
Read Post
centripetal

Palo Alto Networks Vulnerability: CVE-2024-3400

Apr 15, 2024 By Lauren Farrell In Centripetal
On April 12th, Palo Alto Networks released a CVE advisory for CVE-2024-3400, a critical vulnerability identified in the GlobalProtect Gateway feature of PAN-OS, the operating system for Palo Alto Networks firewalls. This command injection vulnerability allows unauthenticated attackers to execute arbitrary commands with root privileges on the affected devices.
Read Post
Forward Networks

CVE-2024-3400: Are you at Risk? Find out in Seconds with Forward Enterprise.

Apr 15, 2024 By Natalie Cheung In Forward Networks
Recently, a critical vulnerability, CVE-2024-3400, was discovered in the Palo Alto Networks PAN-OS software, posing a substantial risk to affected systems. In this blog post, we will discuss the nature of this vulnerability and how Forward Networks can assist organizations in swiftly identifying and addressing their risk exposure.
Read Post
wallarm

How to track and stop CVE-2024-3400: Palo Alto Networks API Exploit Causing Critical Infrastructure and Enterprise Epidemics

Apr 15, 2024 By Wallarm In Wallarm
On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. A patch is expected to be available on April 14th. The advisory from Palo Alto is here. Palo Alto has marked this vulnerability as critical and NVD has scored it a 10.0 with CVSSv3. Wallarm currently detects attacks against this vulnerability with no additional configuration required.
Read Post
sysdig

The Hidden Economy of Open Source Software

Apr 12, 2024 By Nigel Douglas In Sysdig
The recent discovery of a backdoor in XZ Utils (CVE-2024-3094), a data compression utility used by a wide array of various open-source, Linux-based computer applications, underscores the importance of open-source software security. While it is often not consumer-facing, open-source software is a critical component of computing and internet functions, such as secure communications between machines.
Read Post
ionix

CVE-2024-3400 - PAN-OS OS Command Injection Vulnerability in GlobalProtect Gateway

Apr 12, 2024 By Billy Hoffman In IONIX
Unauthenticated, remote attackers can execute arbitrary OS commands with root privileges against certain Palo Alto’s GlobalProtect firewalls, using a just announced critical severity vulnerability which is being actively exploited in the wild. While limited to specific versions and configurations, unauthenticated remote command execution vulnerabilities are among the most severe security vulnerabilities that exist. Indeed, CVE-2024-3400 has a critical 10 out of 10 rating under CVSS.
Read Post
Trustwave

CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway

Apr 12, 2024 By Trustwave In Trustwave
A command injection vulnerability has been discovered in the GlobalProtect feature within Palo Alto Networks PAN-OS software for specific versions that have distinct feature configurations that may enable a remote, unauthenticated attacker to execute arbitrary code with root privileges on the firewall. These specific versions require configurations for GlobalProtect gateway and device telemetry enabled.
Read Post
CrowdStrike

CVE-2024-3400: What You Need to Know About the Critical PAN-OS Zero-Day

Apr 12, 2024 By Falcon Exposure Management Team In CrowdStrike
CrowdStrike is constantly working to protect our customers from the newest and most advanced cybersecurity threats. We are actively monitoring activity related to CVE-2024-3400, a critical command injection vulnerability in the GlobalProtect feature of Palo Alto Networks’ PAN-OS software affecting “specific PAN-OS versions and distinct feature configurations,” the vendor says.
Read Post
Snyk

Nine Docker pro tips for Node.js developers

Apr 11, 2024 By Liran Tal In Snyk
If you spend quite a bit of time in the command line, working with Docker images and containers locally to build and test them, you might be in the mood for some power-user Docker commands. We're skipping the basics and diving straight into the lesser-known yet highly effective commands that can significantly improve your Docker experience.
Read Post
Forescout

Connect:fun: New exploit campaign in the wild targets media company

Apr 11, 2024 By Sai Molige In Forescout
In a new threat briefing, Forescout Research – Vedere Labs details an exploitation campaign targeting organizations running Fortinet’s FortiClient EMS which is vulnerable to CVE-2023-48788. We are designating this campaign Connect:fun because of the use of ScreenConnect and Powerfun as post-exploitation tools – our first-ever named campaign.
Read Post

MAX Prevents CRITICAL Zero-Day Vulnerability

Apr 11, 2024 By SecurityScorecard In SecurityScorecard
Today we learn about SecurityScorecard's MAX and how it single-handedly prevented a MAJOR Zero-Day Vulnerability. With SecurityScorecard MAX, you no longer have to worry about your supply chain being at risk. SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.
View Video
tigera

CVE-2024-3094 Exposed: A Guide to Overcoming XZ/liblzma and Similar Threats Using Calico

Apr 11, 2024 By Reza Ramezanpour In Tigera
Before we start this blog post, let’s acknowledge that the only way to secure your environment from any vulnerability is to update the vulnerable hardware or software with patches that the author or the project community releases. Every other form of mitigation is only a way to provide an extended time for critical applications that cannot be updated immediately.
Read Post
nucleus logo

Chapter One: The State of Vulnerability Management

Apr 11, 2024 By Nucleus
Vulnerability exploitation is involved in over half of breaches, making it a huge risk to organizations. And the problem only continues to balloon year over year... both in the speed at which attackers are capitalizing on exploited vulnerabilities, and in the way that technology and assets outgrow most organization's current vulnerability management programs. In this series, we're going to be breaking down how vulnerability management has grown and evolved over time, plus how to modernize your program using things like risk-based vulnerability management.
Get EBook
Snyk

Six takeaways from our ASPM masterclass series

Apr 10, 2024 By Erin Cullen In Snyk
Software development moves fast, and many application security teams struggle to keep up. More sophisticated agile, DevOps, and cloud practices, along with the growing use of AI, mean more agility for development teams. However, these innovations are a challenge for security teams, as they must move at this same speed in order to secure applications effectively. Application security posture management (ASPM) directly responds to these emerging challenges.
Read Post
mend

OWASP Top 10 for LLM Applications: A Quick Guide

Apr 10, 2024 By AJ Starita In Mend
Published in 2023, the OWASP Top 10 for LLM Applications is a monumental effort made possible by a large number of experts in the fields of AI, cybersecurity, cloud technology, and beyond. OWASP contributors came up with over 40 distinct threats and then voted and refined their list down to the ten most important vulnerabilities.
Read Post
Arctic Wolf

CVE-2024-3094: Backdoor Found in XZ Utils Compression Tool Used by Linux Distributions

Apr 9, 2024 By Andres Ramos In Arctic Wolf
On March 29, 2024, a security researcher disclosed the discovery of malicious code in the most recent versions of XZ Utils data compression tools and libraries. The code contained a backdoor, which a remote threat actor can leverage to break sshd authentication (the service for SSH access) and gain unauthorized access to the system, potentially leading to Remote Code Execution (RCE).
Read Post
Snyk

Introducing Snyk's partnership with Gemini Code Assist

Apr 9, 2024 By David Lugo In Snyk
Developer teams worldwide are increasingly leveraging AI to accelerate the speed of software development. However, AI-generated code can bypass protocols from the security team, so developers may not be evaluating the code as often as they should. Snyk works alongside today’s modern development teams with the goal of harnessing the many benefits of AI-assisted coding, while also providing full trust that the code is secure.
Read Post
SecurityScorecard

How SecurityScorecard STRIKE Identifies Zero Days in the Wild

Apr 9, 2024 By SecurityScorecard In SecurityScorecard
SecurityScorecard STRIKE threat researchers discovered 12 zero-days in customer environments in the last year. Attacks are increasingly targeting third-party software. The zero-day vulnerability that emerged in Progress Software’s MOVEit Transfer product last year was a stark reminder of the real-world impact of such vulnerabilities. It wreaked havoc on businesses and governments worldwide, with cyber criminals exploiting it since May of 2023.
Read Post
Snyk

Exploiting HTTP/2 CONTINUATION frames for DoS attacks

Apr 8, 2024 By Vandana Verma Sehgal In Snyk
The vulnerability lies in the way HTTP/2 implementations handle CONTINUATION frames, which are used to transmit header blocks larger than the maximum frame size. Attackers exploit this weakness by sending an excessive number of CONTINUATION frames within a single HTTP/2 stream. This flood of frames overwhelms the server's capacity to process them efficiently.
Read Post
CrowdStrike

Two Effective Strategies to Reduce Critical Vulnerabilities in Applications

Apr 8, 2024 By Jacob Garrison In CrowdStrike
Securing custom applications in a sea of vulnerabilities is daunting. To make the task even more challenging, the threat to applications continues to grow: 8 out of the top 10 data breaches last year were related to application attack surfaces.1 This blog details two effective strategies for identifying vulnerabilities in custom software applications so they can be quickly addressed.
Read Post
synopsys

What is the Xz Utils Backdoor : Everything you need to know about the supply chain attack

Apr 8, 2024 By Fred Bals In Synopsys
A week ago, on March 29th, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that two versions of xz Utils, were found to have been compromised. The xz Utils code had been tampered with to include a malicious “backdoor” that would ultimately give attackers the same level of control over affected systems as authorized administrators.
Read Post
jit

CVE 2023-2033: What is it, and how to fix it?

Apr 8, 2024 By Liron Biam In Jit
Zero-day vulnerabilities are the surprise no developer wants to get. Because these security flaws are unknown to developers, they have zero days to prepare or mitigate the vulnerability before an exploit can occur. 62% of vulnerabilities were first exploited as zero-day vulnerabilities, so they are far more prevalent than we think. Even Google Chrome can attest to that after discovering a series of zero-day vulnerabilities that left its billions of users at risk in 2023.
Read Post

A06 Vulnerable and Outdated Components - OWASP TOP 10

Apr 8, 2024 By VISTA InfoSec In VISTA InfoSec
Outdated software components are a hacker's best friend. Learn about the dangers of A06:2021 (formerly known as "Using Components with Known Vulnerabilities") in the OWASP Top 10. This threat just climbed the ranks – let's get you up to speed! In this video, we'll tackle.
View Video
cyberint

CVSS 4.0 Is Here: What Security Leaders Need To Know

Apr 4, 2024 By Cyberint In Cyberint
The Common Vulnerability Scoring System (CVSS) is used to evaluate and communicate the technical severity of software, hardware and firmware vulnerabilities. While CVSS has been around for nearly 2 decades and now stands as an industry standard tool for scoring the severity of a vulnerability, the framework still has its limitations. To mitigate some of these challenges and improve the efficacy of the system, an updated version of CVSS was released in November 2023.
Read Post
tripwire

Google Patches Pixel Phone Zero-days After Exploitation by "Forensic Companies"

Apr 4, 2024 By Graham Cluley In Tripwire
Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security. What makes the reported attacks particularly interesting is that traditional cybercriminals may not be behind them, but rather "forensic companies" exploiting two vulnerabilities to extract information and prevent remote wiping.
Read Post
armo

Yet another reason why the xz backdoor is a sneaky b@$tard

Apr 3, 2024 By Ben Hirschberg In ARMO
A contributor to the liblzma library (a compression library that is used by the OpenSSH project, among many others) submitted malicious code that included an obfuscated backdoor. Since the maintainers had no reason to suspect foul play, they accepted and merged the contribution. The malicious code made it into the compression library release, and later on to the OpenSSH server, which relies on the library in question.
Read Post
CrowdStrike

CVE-2024-3094 and the XZ Upstream Supply Chain Attack: What You Need to Know

Apr 2, 2024 By Dumitra Dragos - Amit Serper - Suraj Sahu In CrowdStrike
CrowdStrike is committed to protecting our customers from the latest and most sophisticated cybersecurity threats. We are actively monitoring activity surrounding CVE-2024-3094, a recently identified vulnerability in XZ Utils.
Read Post
outpost 24

Security auditing web apps? Here's your checklist for a successful pen test.

Apr 2, 2024 By Marcus White In Outpost 24
A penetration test is a sanctioned assault on your organization’s electronic assets and data. If the attack is repelled, you win. If the attack successfully breaches your defenses, technically you also win – as you’ve now got the chance to fix those vulnerabilities before a real attacker tries their luck. Given the complexity of a modern enterprise, a pen test can evaluate a wide range of assets, networks, systems, and apps on premises, mobile, and in the cloud.
Read Post
SecurityScorecard

National Vulnerability Database Updates: How SecurityScorecard's CVEDetails can help

Apr 2, 2024 By SecurityScorecard In SecurityScorecard
The National Vulnerability Database (NVD), the world’s most widely used vulnerability data source, has been having some problems recently, causing uncertainty and anxiety for everyone dealing with security vulnerabilities. Many organizations, including cybersecurity vendors, rely on CVE data provided by NVD. As a government organization operated by the U.S.
Read Post
WatchGuard

Weak Authentication Attacks: 49% report high costs

Apr 1, 2024 By The Editor In WatchGuard
Cyberattacks on large companies grab the headlines, creating the false impression that only big organizations are targeted by cybercriminals. This misleads smaller companies into believing that they are not potential targets because of their size or low profile. However, threats against small and medium-sized companies have been a cause for concern in recent years. Experts warn that companies with fewer than 100 employees are especially vulnerable to a range of threats.
Read Post
cato networks

XZ Backdoor / RCE (CVE-2024-3094) is the Biggest Supply Chain Attack Since Log4j

Apr 1, 2024 By Vitaly Simonovich In Cato Networks
A severe backdoor has been discovered in XZ Utils versions 5.6.0 and 5.6.1, potentially allowing threat actors to remotely access systems using these versions within SSH implementations. Many major Linux distributions were inadvertently distributing compromised versions. Consult your distribution’s security advisory for specific impact information.
Read Post
sumologic

Responding to CVE-2024-3094 - Supply chain compromise of XZ Utils

Apr 1, 2024 By Anton Ovrutsky In Sumo Logic
It seems as though responders cannot catch a break when it comes to 0-day vulnerabilities and supply chain compromise avenues. On March 29th, 2024, the Cybersecurity & Infrastructure Security Agency published an alert regarding a supply chain compromise of the XZ Utils package. At time of writing, there is no information regarding exploitation of the vulnerability and follow-on post-compromise activity.
Read Post
centripetal

XZ Utils Vulnerability: CVE-2024-3094

Apr 1, 2024 By Lauren Farrell In Centripetal
On March 28th, Red Hat released an advisory for CVE-2024-3094 which is a critical vulnerability identified in XZ Utils – a widely used data compression software included in many Linux distributions. This vulnerability stems from a backdoor inserted in versions 5.6.0 and 5.6.1 of XZ Utils and has been given a CVSS score of 10 out of 10, indicating its severity as critical.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.