Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2024

GrimResource: Arbitrary Code Execution via Malicious MSC file | Threat SnapShot

Jun 30, 2024 By SnapAttack In SnapAttack
Discover how to detect the GrimResource attack, a novel code execution technique leveraging Microsoft Management Console (MMC) files. This threat snapshot video breaks down Elastic Security Labs' research on this stealthy initial access vector that evades common defenses. Key points covered: Learn practical steps to protect your systems against this emerging threat. *Subscribe to SnapAttack for more in-depth analyses and real-world applications of cybersecurity defenses.*
View Video
foresiet

New MOVEit Bug Actively Exploited Within Hours of Public Disclosure

Jun 28, 2024 By Foresiet In Foresiet
A high-severity security flaw in Progress Software's MOVEit Transfer platform is being exploited in the wild just hours after its disclosure. This vulnerability, identified as CVE-2024-5806, allows attackers to bypass authentication mechanisms and pose as any valid user, thereby gaining access to sensitive files.
Read Post
centripetal

Risks for Polyfill.io Users

Jun 28, 2024 By Lauren Farrell In Centripetal
Earlier this year, a Chinese company named Funnull acquired the polyfillio. Due to this acquisition, this code was used to redirect mobile visitors to scam sites. Over 100,000 websites using the previously popular Polyfill JS open-source project are vulnerable to attacks that redirect traffic to sports betting and pornography sites.
Read Post

Building a Human-Centric Vulnerability Management Program

Jun 27, 2024 By Nucleus In Nucleus
Steve Carter, CEO and co-founder of Nucleus Security, and Dr. Nikki Robinson, Security Architect at IBM, discuss the importance of the people side of vulnerability management. They explore challenges such as context switching, long mean time to remediation, and the impact of communication on vulnerability management programs. The conversation includes practical advice on incorporating human factors into cybersecurity practices, how to improve communication and collaboration among teams, and why understanding human factors is crucial for effective vulnerability management.
View Video
centripetal

MOVEit Gateway and MOVEit Transfer Vulnerabilities

Jun 27, 2024 By Lauren Farrell In Centripetal
On June 25, 2024, Progress Software, the parent company of the MOVEit software suite, officially released details for two critical vulnerabilities identified in MOVEit Gateway and MOVEit Transfer, CVE-2024-5805 and CVE-2024-5806 respectively. MOVEit Transfer is a managed file transfer solution that supports the exchange of files and data between servers, systems and applications within and between organizations.
Read Post
outpost 24

Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware

Jun 27, 2024 By KrakenLabs In Outpost 24
While reviewing common TTPs in malware campaigns used last year Outpost24’s Cyber Threat Intelligence team, KrakenLabs, came across several reports and articles describing a novel infection technique being used to distribute various types of malware not necessarily related to each other. For example, this article analyzing Amadey and this one talking about Redline.
Read Post
Snyk

How to secure a REST API?

Jun 27, 2024 By Liran Tal In Snyk
As developers, we often have to work with REST APIs when we integrate with third-party systems or connect between frontend and backend systems at work. APIs, and REST APIs in particular, are a fundamental part of modern web applications, allowing us to create, read, update, and delete data over HTTP. However, as with any technology, they come with their own set of security challenges. Let's break these challenges down and understand how to secure REST API applications.
Read Post
graylog

The exploit prediction scoring system: What it is and how to use it

Jun 27, 2024 By Graylog Security In Graylog
Managing vulnerabilities can feel like the end of the first act of Les Misérables as you sing to yourself, “one day more, another day another vulnerability.” Like Jean Valjean, you attempt to put up barricades to protect your environment from attackers exploiting these security weaknesses. Keeping pace with the number of vulnerabilities and threat actor activities becomes overwhelming, leaving you to feel outnumbered and outmanned.
Read Post
Arctic Wolf

CVE-2024-5805 & CVE-2024-5806: Authentication Bypass Vulnerabilities in Progress MOVEit Transfer and MOVEit Gateway

Jun 26, 2024 By Andres Ramos In Arctic Wolf
On June 25, 2024, Progress disclosed two vulnerabilities affecting MOVEit Transfer and MOVEit Gateway: CVE-2024-5805: A critical severity authentication bypass vulnerability affecting MOVEit Gateway (SFTP module). MOVEit Gateway is a proxy for MOVEit Transfer, designed to securely handle inbound connections when deployed behind a firewall.
Read Post
Tines

How security teams enhance vulnerability management with Tines

Jun 26, 2024 By Dave Herder In Tines
When it comes to vulnerability management, time is critical - every minute a vulnerability goes unaddressed, the risk escalates. To ensure all risks are addressed, security teams need vulnerability management processes that are reliable and efficient, and, crucially, don’t drain their resources. And given that 22% of cybersecurity professionals have admitted to ignoring an alert completely, we can’t afford to rely on the human element alone.
Read Post
Snyk

Polyfill supply chain attack embeds malware in JavaScript CDN assets

Jun 26, 2024 By Liran Tal In Snyk
On June 25, 2024, the Sansec security research and malware team announced that a popular JavaScript polyfill project had been taken over by a foreign actor identified as a Chinese-originated company, embedding malicious code in JavaScript assets fetched from their CDN source at: cdn.polyfill.io. Sansec claims more than 100,000 websites were impacted due to this polyfill attack, including publicly traded companies such as Intuit and others.
Read Post
wallarm

CVE-2024-36680: SQL Injection Vulnerability in Facebook's PrestaShop Module Exposes Thousands of E-commerce Sites to Credit Card Fraud

Jun 26, 2024 By Wallarm In Wallarm
PrestaShop is a free, open-source E-commerce platform launched in 2007. Built with PHP and MySQL, it offers customizable, scalable solutions for online stores. Features include product management, inventory tracking, and payment processing. Supporting multiple languages and currencies, it's ideal for small to medium businesses worldwide. Built by Promokit, the pkFacebook add-on integrates PrestaShop with Facebook, enabling product catalog sync, dynamic ads, and Facebook Shop creation.
Read Post
securitysenses

eSIM Cybersecurity: More Advantages or Drawbacks?

Jun 25, 2024 By SecuritySenses In SecuritySenses
As eSIM technology gets more popular every year and more people turn to it rather than physical SIM cards, what are the benefits? With eSIM technology, the SIM is built into the device, making it more convenient. An eSIM stands for embedded subscriber identity module and is an essential component that allows modern mobile devices to connect to mobile network operator services worldwide. However, I am more concerned about security rather than the features that new innovations bring. This is why I am dedicated to learning what security protocols eSIM uses and how safe embedded SIMs are for users.
Read Post
Snyk

Snyk Code now secures AI builds with support for LLM sources

Jun 25, 2024 By Liqian Lim () In Snyk
As we enter the age of AI, we’ve seen the first wave of AI adoption in software development in the form of coding assistants. Now, we’re seeing the next phase of adoption take place, with organizations leveraging increasingly widely available LLMs to build AI-enabled software. Naturally, as the adoption of LLM platforms like OpenAI and Gemini grows, so does the security risk associated with using them.
Read Post
Snyk

Finding and fixing exposed hardcoded secrets in your GitHub project with Snyk

Jun 25, 2024 By Chandler Mayo In Snyk
Snyk is an excellent tool for spotting project vulnerabilities, including hardcoded secrets. In this blog, we'll show how you can use Snyk to locate hardcoded secrets and credentials and then refactor our code to use Doppler to store those secrets instead. We'll use the open source Snyk goof project as a reference Node.js boilerplate application, so feel free to follow along with us.
Read Post
netwrix

SMBv3 Vulnerabilities Explained

Jun 25, 2024 By Kevin Joyce In Netwrix
Workplaces have evolved. While hybrid and remote work existed before COVID-19, these working arrangements became even more prevalent during and after the pandemic. Today, workplaces offer the flexibility for employees to work and access company resources from anywhere worldwide, with the Server Message Block (SMB) protocol at the center of this.
Read Post

Tines for Vulnerability Management

Jun 25, 2024 By Tines In Tines
For teams focused on vulnerability management, maintaining a secure and resilient environment for your organization is paramount. From finding vulnerabilities and assessing their risk, to patch management and continuous reporting, teams are often juggling disconnected systems, various input sources, and manual prioritization and assignment to ensure vulnerabilities aren’t being overlooked.
View Video
cyberark

Identity Security: The Keystone of Trust

Jun 25, 2024 By Claudio Neiva In CyberArk
A few weeks ago, my wife asked me why stopping threat actors from impacting our lives is so difficult. In this digital age, the necessity to connect online brings inherent exposure to vulnerabilities. The challenge for you as a security leader lies in reducing the sense of vulnerability by building trust. You need to protect your organization and reassure employees so they can perform their jobs without fear.
Read Post
foresiet

Critical Mailcow Vulnerabilities: Safeguard Your Servers from Remote Code Execution

Jun 24, 2024 By Foresiet In Foresiet
Mailcow Mail Server Vulnerabilities Expose Servers to Remote Code Execution Recently, two significant security vulnerabilities have been uncovered in the Mailcow open-source mail server suite. These vulnerabilities, which affect all versions prior to 2024-04, were disclosed by SonarSource on March 22, 2024, and could allow malicious actors to execute arbitrary code on vulnerable Mailcow instances. Understanding the Vulnerabilities.
Read Post
ionix

Understanding Vulnerability Prioritization, Management & Remediation

Jun 24, 2024 By Fara Hain In IONIX
What are your most important corporate assets? Like most companies, you probably have mission-critical assets and those that play a smaller role in your revenue and continuity. You are also likely to be using Vulnerability Management or Assessment tools to lock down where those assets can potentially be compromised. Vulnerability Prioritization combines asset importance and potential for risk.
Read Post
Arctic Wolf

CVE-2024-37079 & CVE-2024-37080: Critical Heap-overflow Remote Code Execution Vulnerabilities in VMware vCenter Server and Cloud Foundation

Jun 24, 2024 By Andres Ramos In Arctic Wolf
On June 17, 2024, VMware disclosed two critical vulnerabilities (CVE-2024-37079 & CVE-2024-37080) affecting vCenter Server and Cloud Foundation. These vulnerabilities stem from a heap-overflow issue in the implementation of the DCERPC protocol which can be exploited by remote threat actors. By sending specially crafted network packets, threat actors could exploit CVE-2024-37079 and CVE-2024-37080 to achieve Remote Code Execution (RCE) on both vCenter Server and Cloud Foundation systems.
Read Post
seemplicity

Seemplicity Optimizes Collaborative Vulnerability Remediation with Microsoft Teams

Jun 24, 2024 By Tanvi Tapadia In Seemplicity
Communication across business units, technology layers, and systems is a massive challenge when it comes to streamlining any process, especially vulnerability remediation. Seemplicity’s new Microsoft Teams integration elevates cross team collaboration by facilitating the distribution of information, remediation requests, and more. These capabilities enable users to share findings with varying levels of context, depending on the recipients’ requirements. .
Read Post
wallarm

CVE-2024-3080: ASUS warns Customers about the latest Authentication Bypass Vulnerability detected Across seven Router Models

Jun 21, 2024 By Wallarm In Wallarm
ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers to take control of the affected router models without needing any login credentials.
Read Post
Trustwave

Why Vulnerability Scanning is an Offensive Security Program's Secret Weapon

Jun 21, 2024 By Trustwave In Trustwave
Knowing what you don’t know is the key to keeping an organization safe and the best method of doing so is with an offensive security approach that includes vulnerability scanning. By being proactive one can identify exploitable weaknesses in your own systems before malicious actors can. Here's why vulnerability scanning is an essential part of any offensive security solution: Vulnerability scanning is just one piece of the offensive security puzzle, but it's a crucial one.
Read Post
bitsight

Evaluating dependence on NVD

Jun 20, 2024 By Ben Edwards In BitSight
As I mentioned at the beginning of this year, I am trying to do a monthly blog post on what might be termed “Major Security Events”. In particular this year, I’ve written about the Ivanti meltdown, Lockbit ransomware, and the xz backdoor. These events usually emerge cacophonously and suddenly into the cybersecurity landscape, and generally get everyone’s attention “real quick”.
Read Post
Snyk

Breaking caches and bypassing Istio RBAC with HTTP response header injection

Jun 20, 2024 By Rory McNamara In Snyk
After our recent successes exploring WebSocket Hijacking vulnerabilities, we decided to expand this research project into other attacks that involve WebSockets. We started by looking at WebSocket smuggling attacks and expanded our scope to include HTTP response header injection attacks and potential novel impacts.
Read Post
Spectral

Penetration testing vs vulnerability scanning: which is suitable for your stack

Jun 19, 2024 By Eyal Katz In Spectral
Sensitive customer information leaked, operations disrupted, and reputation tarnished – this is not the headline you want splashed across the internet. There’s a 76% spike in data theft victims and a 75% increase in cloud intrusions. Vulnerabilities are lurking within every organization’s digital infrastructure – but how do you stay ahead of security threats? The answer is simple – proactive security testing.
Read Post
outpost 24

Getting started with Continuous Threat Exposure Management (CTEM)

Jun 19, 2024 By Outpost 24 In Outpost 24
AI risk and security management is unsurprisingly Gartner’s number one strategic technology trend for 2024. But you might be less familiar with number two: Continuous Threat Exposure Management (CTEM). Coined by Gartner in 2022, CTEM isn’t just another buzzy acronym – it’s a powerful process that can help continuously manage cyber hygiene and risk across your online environment.
Read Post
aikido

Drata Integration - How to Automate Technical Vulnerability Management

Jun 18, 2024 By Roeland Delrue In Aikido
Aikido Security is now live on the Drata Integration marketplace! That’s great news because navigating today’s cybersecurity regulatory landscape is a bit like walking a tightrope in a hurricane. As cyber threats evolve, so do the regulations designed to keep them in check. Businesses now find themselves grappling with a growing list of compliance requirements, each more stringent than the last.
Read Post
Zenity

Inherent Data Leakage in Microsoft Fabric Business-Led Development

Jun 18, 2024 By Ziv Daniel Hagbi In Zenity
Microsoft Fabric is an end-to-end analytics and data platform that covers a wide range of functionality, including data movement, processing, ingestion, transformation, real-time event routing, and report building. The platform allows business users of all technical backgrounds to create, process, and store data and build powerful business tools from a unified platform.
Read Post
Snyk

Automate security controls from development to production on Google Cloud

Jun 18, 2024 By David Lugo In Snyk
To help businesses develop fast and stay secure, Snyk prioritizes seamless compatibility with developers’ existing workflows. In other words, every major tool or environment a developer touches in their everyday work can interface with Snyk tooling. This compatibility includes partnerships with major cloud providers like Google Cloud.
Read Post
outpost 24

TicketMaster breach: Leaked credentials are the golden ticket once again

Jun 17, 2024 By KrakenLabs In Outpost 24
It had already been a challenging few weeks for Live Nation Entertainment, Inc. as they faced down a lawsuit from The Justice Department regarding anti-competitive practices. Things got worse at the end of May when a cybercriminal known as “SpidermanData” claimed to have breached a huge database of 560 million records (including personal and financial data) belonging to TicketMaster Entertainment, LLC – a Live Nation company.
Read Post
ionix

SolarWinds Fixes Severe Serv-U Vulnerability (CVE-2024-28995): Overview and Response Guide

Jun 16, 2024 By Nethanel Gelernter In IONIX
SolarWinds has recently addressed a critical security flaw, designated as CVE-2024-28995, in its Serv-U Managed File Transfer and Secure FTP software. This vulnerability, discovered by Hussein Daher, involves a directory traversal flaw that allows unauthenticated attackers to access sensitive files on the host system.
Read Post
securitysenses

The Importance of Cyber Security Services in Today's Digital Landscape

Jun 14, 2024 By SecuritySenses In SecuritySenses
In the digital age, where almost every aspect of our lives is intertwined with technology, ensuring the security of our online presence has never been more critical. Cyber security services play a pivotal role in protecting sensitive information from cyber threats, making them indispensable for both businesses and individuals. But what exactly are cyber security services, and why are they so important?
Read Post
astra

OWASP API Top 10 Explained with Real-World Examples

Jun 14, 2024 By Keshav Malik In Astra
It’s an API talking to the API world we’re living in. As per Postman, 500 million new APIs are expected to be created by 2025. APIs are a lifesaver when it comes to automation or integration. But when it comes to the security of these APIs, things can get a little tricky. OWASP API Top 10 gives insights on top vulnerabilities exploited in APIs.
Read Post
Arctic Wolf

Understanding the Risks of Remote Monitoring and Management Tools

Jun 14, 2024 By Arctic Wolf In Arctic Wolf
On February 19, 2024, ConnectWise published a security bulletin detailing two critical vulnerabilities within their on-premises ScreenConnect software, stating that the vulnerabilities have the potential to result in remote code execution (RCE). ScreenConnect is a widely utilized Remote Monitoring and Management (RMM) tool that has been leveraged by threat actors in the past, often in connection with ransomware attacks.
Read Post
riskoptics

Threat, Vulnerability, and Risk: What's the Difference?

Jun 13, 2024 By RiskOptics In RiskOptics
Threat, vulnerability, and risk – these words often appear side by side in security discussions. But what exactly do they mean, and how do they differ from one another? This article discusses the relationships among threats, vulnerabilities, and risk. Then we’ll explore various methods for calculating and managing these issues, and provide insights into securing against potential security threats.
Read Post
Snyk

Why "vulnerability management" falls short in modern application security

Jun 13, 2024 By Daniel Berman In Snyk
Faced with the growing complexity of software development environments, combined with expanding cyber threats and regulatory requirements, AppSec teams find themselves grappling with a daunting array of challenges. While the advent and subsequent adoption of "shift left" methodologies marks a significant and necessary step forward, it is now evident that this approach requires an accompanying mindset shift.
Read Post
Snyk

4 AI coding risks and how to address them

Jun 13, 2024 By Liqian Lim () In Snyk
96% of developers use AI coding tools to generate code, detect bugs, and offer documentation or coding suggestions. Developers rely on tools like ChatGPT and GitHub Copilot so much that roughly 80% of them bypass security protocols to use them. That means that whether you discourage AI-generated code in your organization or not, developers will probably use it. And it comes with its fair share of risks. On one hand, AI-generated code helps developers save time.
Read Post
foresiet

Heightened Exploit Attempts on Check Point's Recent VPN Zero-Day Vulnerability

Jun 12, 2024 By Foresiet In Foresiet
A significant surge in exploitation attempts targeting a newly disclosed information disclosure flaw in Check Point's VPN technology has been observed recently. This has underscored the urgent need for organizations to address the vulnerability immediately.
Read Post
foresiet

Security Flaws Discovered in Popular WooCommerce Plugin

Jun 12, 2024 By Foresiet In Foresiet
Patchstack has recently identified multiple security vulnerabilities in the WooCommerce Amazon Affiliates (WZone) plugin. Created by AA-Team, this widely-used premium WordPress plugin has garnered significant popularity, amassing over 35,000 sales. It serves as a crucial asset for website owners and bloggers aiming to monetize their sites through the Amazon affiliate program.
Read Post
Snyk

Snyk and AWS announce native Amazon EKS support directly from the AWS Management Console

Jun 12, 2024 By David Lugo In Snyk
We’re excited to announce that Snyk has now developed an AWS Marketplace add-on for Amazon Elastic Kubernetes Service (Amazon EKS), embedded directly into the AWS Management Console! Snyk joins a small number of approved ISVs around the globe, allowing customers to deploy a Snyk agent on Amazon EKS clusters using the same methods you would use to deploy native AWS services, either manually via the AWS Management Console or by using AWS’ command-line interface (CLI).
Read Post
tripwire

4 Things a Good Vulnerability Management Policy Should Include

Jun 12, 2024 By Matthew Jerzewski In Tripwire
The Verizon 2024 Data Breach Investigations Report noted a 180% increase in exploited vulnerabilities over the previous year’s figures. The importance of keeping an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities cannot be understated.
Read Post
Snyk

AI quality: Garbage in, garbage out

Jun 11, 2024 By Michael Biocchi In Snyk
If you use expired, moldy ingredients for your dessert, you may get something that looks good but tastes awful. And you definitely wouldn’t want to serve it to guests. Garbage in, garbage out (GIGO) applies to more than just technology and AI. Inputting bad ingredients into a recipe will lead to a potentially poisonous output. Of course, if it looks a little suspicious, you can cover it in frosting, and no one will know. This is the danger we are seeing now.
Read Post
tigera

How to Address Kubernetes Risks and Vulnerabilities Head-on

Jun 11, 2024 By Dhiraj Sehgal In Tigera
Misconfigurations and container image vulnerabilities are major causes of Kubernetes threats and risks. According to Gartner, more than 90% of global organizations will be running containerized applications in production by 2027. This is a significant increase from fewer than 40% in 2021. As container adoption soars, Kubernetes remains the dominant container orchestration platform.
Read Post
outpost 24

Introducing The Outpost24 Exposure Management Platform

Jun 11, 2024 By Outpost 24 In Outpost 24
Today, Outpost24 introduced its exposure management platform alongside plans for its future. The Outpost24 Exposure Management Platform is a single platform for all of the exposure management offerings Outpost24 has today and will add tomorrow. With The Outpost24 Exposure Management Platform, organizations can: The Outpost24 Exposure Management platform is built to be tailored to what matters most to a specific organization. Powerful protection without the bloat offered with some other platforms,
Read Post
wallarm

CVE-2024-29849: Veeam discloses Critical Vulnerability that allows attackers to bypass user authentication on its Backup Enterprise Manager web interface

Jun 10, 2024 By Wallarm In Wallarm
On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating of 9.8 (critical). VBEM is a web-based platform that allows administrators to oversee Veeam Backup and Replication installations through a web interface console.
Read Post
signmycode

CISA Alerts on Extensively Exploited Linux Privilege Elevation Vulnerability

Jun 10, 2024 By SignMyCode In SignMyCode
The two new vulnerabilities that the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added to its list of known exploited vulnerabilities (KEV) are both related to the privilege elevation of the Linux kernel.
Read Post
indusface

CVE-2024-4577 - A PHP CGI Argument Injection Vulnerability in Windows Servers

Jun 10, 2024 By Vivek Chanchal In Indusface
On June 7, 2024, a new critical PHP vulnerability CVE-2024-4577 was revealed, mainly impacting XAMPP on Windows. It happens when PHP runs in CGI mode with specific language settings, like Chinese or Japanese. The problem comes from how PHP handles certain characters, allowing attackers to inject code through web requests and take control of servers. This vulnerability, if exploited, could lead to the execution of arbitrary code, a scenario with severe consequences for system integrity and data security.
Read Post
nucleus

Vulnerability Management Trends & SLAs: Risky Biz Podcast Episode

Jun 7, 2024 By Kevin Swartz In Nucleus
Nucleus Security co-founder and COO, Scott Kuffer, joined the Risky Biz News Podcast with host Catalin Cimpanu, for a discussion around trends Nucleus is observing when it comes to vulnerability management and how service level agreements (SLAs) have become a sign of an organization’s security health. In the podcast, Scott and Catalin discuss major trends of high performing vulnerability management programs for organizations using Nucleus’ platform, including.
Read Post
Snyk

Call for action: Exploring vulnerabilities in Github Actions

Jun 6, 2024 By Elliot Ward In Snyk
To address the need for streamlined code changes and rapid feature delivery, CI/CD solutions have become essential. Among these solutions, GitHub Actions, launched in 2018, has quickly garnered significant attention from the security community. Notable findings have been published by companies like Cycode and Praetorian and security researchers such as Teddy Katz and Adnan Khan.
Read Post
Snyk

Talk to us about Snyk CLI

Jun 6, 2024 By Chintan B. In Snyk
At the end of April 2024, we introduced Semantic Versioning and release channels to Snyk CLI, changes that were well received by our customers. Building on that momentum, we aim to design the CLI so that it not only helps you do your job well but also brings you joy in doing so. We invite you to accompany us on this path to discover together. In today’s blog post, Neil and I, the design and product duo for Snyk CLI, will share the following three things with you.
Read Post
CrowdStrike

Active Exploitation Observed for Linux Kernel Privilege Escalation Vulnerability (CVE-2024-1086)

Jun 6, 2024 By Adam Cardillo - Amit Serper - Suraj Sahu In CrowdStrike
Last week, CISA added CVE-2024-1086 to its Known Exploited Vulnerability Catalog. CVE-2024-1086, a use-after-free vulnerability in the Linux kernel’s netfilter, was disclosed on January 31, 2024 and assigned a CVSS of 7.8 (High). If successfully exploited, it could allow threat actors to achieve local privilege escalation. While there was no evidence of active exploitation at the time of disclosure, we have since observed adversaries targeting CVE-2024-1086 in the wild.
Read Post
foresiet

Surge in CatDDoS Attacks: Exploiting Vulnerabilities to Spread Mirai Variant

Jun 6, 2024 By Foresiet In Foresiet
The cybersecurity landscape has recently been shaken by a surge in activity involving a Mirai distributed denial-of-service (DDoS) botnet variant known as CatDDoS. Over the past three months, threat actors have aggressively exploited more than 80 vulnerabilities to spread this malware. In this blog, we explore the recent CatDDoS attacks, the targeted sectors, and the implications for cybersecurity practices.
Read Post
Snyk

Securing next-gen development: Lessons from Trust Bank and TASConnect

Jun 5, 2024 By Gerald Crescione In Snyk
Today, the average application contains thousands of moving parts. Organizations deploy to multi-cloud environments with containers and microservices, using a combination of code written by internal teams, generated by AI, and curated by third parties. Security teams face a tall order in keeping these complex applications secure, especially given the increasing number of software supply chain attacks.
Read Post
kroll

An Introduction To Purple Teaming

Jun 5, 2024 By Kroll In Kroll
With cyber threats constantly evolving, organizations must ensure that their approach to identifying and mitigating vulnerabilities is always up to date. Purple teaming can play a vital role in helping them to achieve this. Purple teaming involves red and blue teams collaborating on an ongoing basis to maximize their impact. Read on to discover how purple teaming enables businesses to enhance and accelerate their approach to identifying and mitigating security vulnerabilities.
Read Post
synopsys

CyRC Vulnerability Advisory: CVE-2024-5184s prompt injection in EmailGPT service

Jun 5, 2024 By Synopsys Editorial Team In Synopsys
The Synopsys Cybersecurity Research Center (CyRC) has exposed prompt injection vulnerabilities in the EmailGPT service. EmailGPT is an API service and Google Chrome extension that assists users in writing emails inside Gmail using OpenAI's GPT models. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts.
Read Post
cyberark

Operation Grandma: A Tale of LLM Chatbot Vulnerability

Jun 5, 2024 By Eran Shimony and Shai Dvash In CyberArk
Who doesn’t like a good bedtime story from Grandma? In today’s landscape, more and more organizations are turning to intelligent chatbots or large language models (LLMs) to boost service quality and client support. This shift is receiving a lot of positive attention, offering a welcome change given the common frustrations with bureaucratic delays and the lackluster performance of traditional automated chatbot systems.
Read Post

How to Create Azure DevOps Organization and VS Code Personal Access Token (Visual Studio Code)

Jun 5, 2024 By Snyk In Snyk
Watch the full video for more... About Snyk Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
View Video
nucleus

Vulnerability Management Modernization & FedRAMP: Resilient Cyber Podcast

Jun 5, 2024 By Kevin Swartz In Nucleus
Ever wonder how Nucleus got started? Curious to know what our CEO and co-founder Steve Carter is working on? You’re in luck. Steve joined host Chris Hughes on the Cyber Resilience podcast to talk about those topics and more. Additionally, Steve and Chris explored the process for earning FedRAMP authorization, some of the particular vulnerability management challenges government agencies are dealing with, and why risk-based vulnerability management resonates with the government community.
Read Post
seemplicity

Breaking Down the Phases of CTEM

Jun 5, 2024 By Jessica Amado In Seemplicity
Continuous Threat Exposure Management (CTEM) serves as a strategic framework for evaluating an organization’s security posture. CTEM is specifically designed to identify and address vulnerabilities and other security gaps within an organization’s digital infrastructure. In essence, CTEM is a systematic approach to fortify cyber defenses and mitigate potential security risks effectively. Gartner, which created CTEM, sees it as a sort of Vulnerability Management 2.0.
Read Post
bitsight

7 Types of exposures to manage beyond CVEs

Jun 5, 2024 By Vanessa Jankowski In BitSight
As cybersecurity leaders try to get ahead of threats to their organization, they're increasingly seeking ways to get off the hamster wheel of chasing countless CVEs (common vulnerabilities and exposures). The brass ring that most CISOs reach for today is prioritization of exposures in their infrastructure (and beyond), so their teams can focus on tackling the ones that present the greatest risk. In some cases, the highest priority exposures will still be critical CVEs on mission critical assets.
Read Post
outpost 24

Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)

Jun 4, 2024 By Timothy Hjort In Outpost 24
During some standard research as part of the Outpost24 Vulnerability Research Department, I discovered 5 vulnerabilities in Zyxel NAS devices: The vulnerabilities were disclosed to Zyxel on 2024-03-14 as part of our responsible disclosure policy, and have been resolved at the time of publishing this post (2024.06.04).
Read Post
Snyk

Snyk sponsors Snowflake Summit

Jun 4, 2024 By LaToya Muff In Snyk
We are thrilled to announce the strategic partnership between Snyk and Snowflake, two industry leaders coming together to revolutionize data security and empower organizations worldwide. This partnership brings unparalleled benefits to our customers by combining the advanced capabilities of Snyk’s security data with the robust infrastructure of Snowflake's data platform, therefore equipping Snyk customers with powerful insights into their security posture.
Read Post
Snyk

Secure AI tool adoption: Perceptions and realities

Jun 4, 2024 By Alex Salkever In Snyk
In our latest report, Snyk surveyed security and software development technologists, from top management to application developers, on how their companies had prepared for and adopted generative AI coding tools. While organizations felt ready and believed AI coding tools and AI-generated code were safe, they failed to undertake some basic steps for secure adoption. And within the ranks, those close to the code have greater doubts about AI safety than those higher up in management.
Read Post
Arctic Wolf

CVE-2024-4358 & CVE-2024-1800: PoC Exploit Published for Pre-Authenticated RCE Chain in Progress Telerik Report Server

Jun 4, 2024 By Andres Ramos In Arctic Wolf
On May 31st, 2024, a Proof of Concept (PoC) exploit and technical analysis were published for a pre-authentication Remote Code Execution (RCE) exploit chain impacting Telerik Report Server, a product by Progress designed for streamlined report management within organizations.
Read Post
wallarm

CVE-2024-24919: Check Point's Quantum Gateway comes under Attack as Hackers exploit Zero-Day Vulnerability

Jun 3, 2024 By Wallarm In Wallarm
Check Point Cybersecurity has issued hotfixes to address a zero-day vulnerability in its VPNs that has been exploited to gain remote access to firewalls and potentially infiltrate corporate networks. On 27.04.2024 (Monday), the company initially alerted customers to an increase in attacks targeting VPN devices, offering guidance on how administrators can safeguard their systems.
Read Post
tripwire

Understanding Vulnerability Management and Patch Management

Jun 3, 2024 By Taha Dharsi In Tripwire
Vulnerability management and patch management are often confused. However, it's crucial to recognize that, while complementary, they are distinct processes. Understanding the differences between vulnerability management and patch management is essential for a solid security posture. Let's delve into the concepts to understand better what they are, how they differ, and how they work together.
Read Post
centripetal

Check Point Vulnerability: CVE-2024-24919

Jun 3, 2024 By Lauren Farrell In Centripetal
On May 28, 2024, Check Point released an advisory for CVE-2024-24919, a high priority bug which according to NIST NVD is categorized as “Exposure of Sensitive Information to an Unauthorized Actor”. The NVD has yet to assess a CVSS score for CVE-2024-24919 as of this writing. This vulnerability affects Check Point Security Gateway devices connected to the internet and configured with either IP-Sec VPN or Mobile Access software blades.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.