Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2024

seemplicity

LOTL Attacks-The Silent Saboteurs in Your Systems

Oct 31, 2024 By Ravid Circus, Co-founder and Chief Product Officer In Seemplicity
Living Off the Land (LOTL) cyber attacks have become a major headache for cybersecurity professionals. These insidious attacks are getting more sophisticated and widespread, posing serious risks to businesses and even national security. Unlike traditional malware-based attacks, LOTL techniques exploit the very tools and processes that organizations rely on for their daily operations.
Read Post
cyberark

Discovering Hidden Vulnerabilities in Portainer with CodeQL

Oct 31, 2024 By Eviatar Gerzi In CyberArk
Recently, we researched a project on Portainer, the go-to open-source tool for managing Kubernetes and Docker environments. With more than 30K stars on GitHub, Portainer gives you a user-friendly web interface to deploy and monitor containerized applications easily. Since Portainer is an open-source, we thought CodeQL, an advanced code analysis tool, be a good fit to check its codebase for any security issues.
Read Post
kondukto

eBPF Vulnerabilities: Ecosystem and Security Model

Oct 31, 2024 By Andreas Wiese In Kondukto
In this two part blog post we will take a deeper look at eBPF and some of its known vulnerabilities. After a quick introduction to eBPF, how it and its ecosystem works, common attacks, we will talk about how automation and fuzzing can help you to harden your eBPF applications.
Read Post
CalCom

Remote Desktop Protocol (RDP) Vulnerability

Oct 30, 2024 By John Gates In CalCom
Remote Desktop Protocol (RDP) is a protocol developed by Microsoft, providing the user access to remotely connect with another computer. Microsoft’s remote desktop protocol is one of the best currently available in the market, working efficiently with an effortless graphical user interface (GUI). It can be used between multiple Windows Operating Systems and Devices. This article discussed RDP protocol security and current RDP vulnerabilities.
Read Post
Arctic Wolf

CVE-2024-50388: Critical OS Command Injection Vulnerability in QNAP HBS 3 Hybrid Backup Sync

Oct 30, 2024 By Andres Ramos In Arctic Wolf
On October 29, 2024, QNAP issued a security advisory regarding a critical OS command injection vulnerability, tracked as CVE-2024-50388. Discovered by researchers at the Pwn2Own conference, this vulnerability affects HBS 3 Hybrid Backup Sync, a backup and disaster recovery solution used by organizations for secure data protection across multiple locations. The flaw allows remote attackers to execute arbitrary commands.
Read Post
wallarm

How to Mitigate the Latest API Vulnerability in FortiManager

Oct 30, 2024 By Wallarm In Wallarm
Recently, a critical API vulnerability in FortiManager (CVE-2024-47575) was disclosed. Certain threat actors exploited it in the wild to steal sensitive information containing configurations, IP addresses, and credentials used by managed devices. In advanced notification emails, Fortinet warned its users of the vulnerability and mitigation steps. The vulnerability has a critical severity rating of 9.8 out of 10.
Read Post
tigera

How Kubernetes Changes the Vulnerability Management Ball Game

Oct 30, 2024 By John Alexander In Tigera
Kubernetes has become a cornerstone in modern IT environments, significantly revolutionizing the way applications are deployed and managed. Its ability to automate scaling, deployment, and management of containerized applications makes it indispensable for businesses aiming for agility, scalability, and efficiency. As organizations increasingly adopt microservices architectures, Kubernetes’ role in providing seamless orchestration and robust security continues to grow in importance.
Read Post

Why Risk-Based Vulnerability Management (RBVM) Increases Your Security Debt, and How You Can Fix It

Oct 30, 2024 By Nucleus In Nucleus
In this Nucleus webinar, we take a deep dive into the practical challenges and strategies for managing security debt in the context of Risk-Based Vulnerability Management (RBVM). Scott Kuffer, co-founder of Nucleus Security and veteran in vulnerability management, explains how RBVM has shifted from a holistic risk reduction approach to a prioritization-heavy process that often falls short. He discusses why traditional methods lead to excessive security debt and demonstrates how aligning VM processes with product management principles can create more efficient, business-centric remediation.
View Video

The FortiManager RCE Vulnerability - The 443 Podcast - Episode 311

Oct 29, 2024 By WatchGuard In WatchGuard
This week on the podcast, we review Fortinet's recently-disclosed remote code execution vulnerability in the FortiManager system that has been under active exploit since at least June. After that, we discuss the SEC's recent action against 4 companies found at fault for misleading security incident disclosure statements. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.
View Video
Snyk

Best Practices for Continuous Vulnerability Management

Oct 29, 2024 By Liran Tal In Snyk
Continuous vulnerability management is not just a best practice—it's a necessity. With so many open-source dependencies to choose from (almost 3 million on the npm registry!), it’s no wonder supply chain security incidents are the focus of malicious actors. Let’s not forget the rise of ChatGPT, LLM chatbots, and AI-assisted code generation.
Read Post
Snyk

Top 5 SAST Auto-fixing Tools and How They Compare

Oct 29, 2024 By Liqian Lim () In Snyk
7 hours. That’s how long, on average, a developer takes to remediate a security issue in their code. Vulnerability detection is improving rapidly and scaling, but remediating security risks is still a tedious, time-consuming process that takes developers away from their core work. And now, with AI-generated code introducing vulnerabilities at greater speed and volume than ever before, remediation is taking even more time.
Read Post
ionix

The Essential Guide to Vulnerability Management Tools

Oct 29, 2024 By Amit Sheps In IONIX
Vulnerability management programs attempt to identify and correct software vulnerabilities before they pose a significant threat to an organization’s cybersecurity. To learn more about how to design and implement a vulnerability management program, check out these resources: This article describes the tools that an organization will need to implement an effective vulnerability management program.
Read Post
cycognito

Emerging Threat: FortiJump (CVE-2024-47575)

Oct 29, 2024 By Emma Zaballos In CyCognito
CVE-2024-47575, also known as FortiJump, is a critical (9.8) missing authentication vulnerability affecting critical functions in FortiManager and FortiManager Cloud versions. Threat researcher Kevin Beaumont published a blog post on October 22nd, 2024 identifying this vulnerability as a zero day. This vulnerability is separate from CVE-2024-23113, which also affects FortiGate devices.
Read Post
upguard

Understanding CVE-2024-47176: Mitigating CUPS Vulnerabilities

Oct 29, 2024 By UpGuard Team In UpGuard
The Common UNIX Printing System (CUPS) is a widely used printing system on Unix-like operating systems, but recent vulnerabilities have exposed significant risks. The most critical is CVE-2024-47176, which affects the cups-browsed service by binding to the IP address INADDR_ANY:631. This configuration flaw causes it to trust all incoming packets, leading to potential remote code execution when interacting with malicious printers. This vulnerability is part of a chain of exploits, including.
Read Post
outpost 24

Threat Context Monthly: Executive intelligence briefing for October 2024

Oct 28, 2024 By KrakenLabs In Outpost 24
Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from October.
Read Post
safebreach

An Update on Windows Downdate

Oct 26, 2024 By Alon Leviev In SafeBreach
In August, I shared a blog on my most recent research project called Windows Downdate, which I first presented at Black Hat USA 2024 and DEF CON 32 (2024). In it, I explained how I was able to develop a tool to take over the Windows Update process to craft custom downgrades on critical OS components to expose previously fixed vulnerabilities. By using this downgrade ability, I discovered CVE-2024-21302, a privilege escalation vulnerability affecting the entire Windows virtualization stack.
Read Post
Arctic Wolf

CVE-2024-47575: Critical Vulnerability in FortiNet FortiManager Under Active Exploitation

Oct 24, 2024 By Andres Ramos In Arctic Wolf
On October 23, 2024, Fortinet published an advisory disclosing an actively exploited vulnerability (CVE-2024-47575) affecting FortiManager and FortiManager Cloud. The critical-severity vulnerability can be exploited on FortiManager instances exposed to the internet via port 541. Successful exploitation could allow a remote, unauthenticated threat actor to execute arbitrary code or commands via specially crafted requests.
Read Post
Snyk

Find, auto-fix, and prioritize intelligently, with Snyk's AI-powered code security tools

Oct 24, 2024 By Liqian Lim () In Snyk
During the long-awaited Snyk Launch 2024, we announced the exciting general availability of Snyk Code's auto-fixing feature, DeepCode AI Fix, powered by our AI machine, DeepCode AI! To celebrate this milestone, let’s explore how Snyk’s AI-powered features differentiate our approach to application security. AI is on everyone's minds, along with its countless applications that offer a wide variety of solutions (and issues).
Read Post
nucleus

New from Nucleus: Automating POA&M Management for Federal Compliance

Oct 24, 2024 By Scott Kuffer In Nucleus
Managing compliance in federal IT is a critical and complex task, especially when it comes to addressing findings from security assessments. One of the key tools to bridge the gap between requirements and the current state is the Plan of Action and Milestones (POA&M). Required by federal security frameworks like the Federal Information Security Modernization Act (FISMA) and NIST 800-53, POA&Ms are used to document security weaknesses, outline mitigation plans, and track their resolution.
Read Post
riscosity

LLM Prompt Injection 101

Oct 23, 2024 By Anirban Banerjee In Riscosity
Prompt injection attacks exploit vulnerabilities in natural language processing (NLP) models by manipulating the input to influence the model’s behavior. Common prompt injection attack patterns include: 1. Direct Command Injection: Crafting inputs that directly give the model a command, attempting to hijack the intended instruction. 2. Instruction Reversal: Adding instructions that tell the model to ignore or reverse previous commands. 3.
Read Post
Snyk

Vulnerability-Free C and C++ Development in Automotive Manufacturing and Software Defined Vehicles (SDV)

Oct 23, 2024 By Liran Tal In Snyk
The automotive industry is at a unique inflection point in its history with the advent of the Software Defined Vehicle (SDV). During the Society of Automotive Engineers (SAE) World Congress held in Detroit April 16th - 18th, 2024, it was explicitly stated there is more than a $500 billion market that will see investment in R&D and technological advancements for the automotive industry.
Read Post
securitysenses

The Importance of Security in Web Development

Oct 23, 2024 By SecuritySenses In SecuritySenses
Today, internet applications have a significant share of performing tasks in different spheres of life-both commercial and personal ones. Today, the use of web technologies has gone high, thereby invoking extra measures to protect these technologies and platforms. Security cannot be overemphasized in web development since emerging vulnerabilities mean great losses-reputation loss, given the rapid expansion of internet users in the universe, as well as millions of dollars.
Read Post
Arctic Wolf

Update: Broadcom Releases Fix for Incomplete Patch of Critical RCE Vulnerability in VMware vCenter Server and Cloud Foundation (CVE-2024-38812)

Oct 22, 2024 By Andres Ramos In Arctic Wolf
On October 21, 2024, Broadcom released updated fixes for the critical Remote Code Execution (RCE) vulnerability CVE-2024-38812 in vCenter Server and Cloud Foundation, as the initial patch from September did not fully resolve the issue. This vulnerability is a heap-overflow flaw in the implementation of the DCERPC protocol that a remote attacker can use to send specially crafted network packets to vCenter Server, potentially leading to RCE.
Read Post
code intelligence

Understanding, detecting, and fixing buffer overflows: a critical software security threat

Oct 22, 2024 By Natalia Kazankova In Code Intelligence
Buffer overflows are one of the oldest and most dangerous vulnerabilities in software security. A heap buffer overflow was the second most exploited vulnerability in 2023. Over the years, it has enabled countless attacks, often with severe consequences, such as Cloudbleed in 2017. Despite advances in security practices, buffer overflows continue to pose significant risks, especially in software written in low-level languages like C and C++.
Read Post
lookout

How to Use a Risk-Based Vulnerability Management Model to Secure Mobile Dev

Oct 22, 2024 By Lookout In Lookout
The typical workplace of the information age is no longer an office cubicle with a desktop PC. It’s an airplane seat, a comfy cafe chair, and a kitchen table — and it may not even have a company-issued device at its center. Research shows the productivity gains made possible by the growth of bring-your-own-device (BYOD) policies. Yet empowering employees to do their best work wherever they are and with whatever devices they have at their disposal also comes with risks.
Read Post
Snyk

Elevating Views of Risk: Holistic Application Risk Management with Snyk

Oct 22, 2024 By Daniel Berman In Snyk
As apps become more complex and development speeds up with DevOps, cloud-native tech, and AI, having a comprehensive approach to managing application risk is more important than ever. Traditional methods just aren’t cutting it anymore. Security teams are overwhelmed by vulnerabilities, and developers aren’t getting the guidance they need on what to focus on first. This gap between security and development is leaving apps more vulnerable.
Read Post
kroll

Container Security Best Practices

Oct 21, 2024 By Kroll In Kroll
Containers are transforming how enterprises deploy and use applications - their efficiency and cost-effectiveness making them a cornerstone of modern IT strategies. Compared to traditional virtualization, where the server runs a hypervisor, and then virtual machines with entire guest operating systems and software run on top of the hypervisor, containers allow more versatility since they simplify management and provide faster provisioning of applications and resources.
Read Post
Arctic Wolf

CVE-2024-28988: Critical Java Deserialization RCE Vulnerability Impacts SolarWinds Web Help Desk

Oct 18, 2024 By Andres Ramos In Arctic Wolf
On October 15, 2024, SolarWinds released a hotfix for CVE-2024-28988, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). WHD is an IT service management software widely used across various industries for tracking and managing support tickets. This vulnerability arises from a Java deserialization flaw, which could enable a remote unauthenticated attacker to execute arbitrary code on vulnerable hosts.
Read Post
Snyk

Ensuring comprehensive security testing in DevOps pipelines

Oct 17, 2024 By Jim Armstrong In Snyk
DevOps has dominated the 21st-century software industry as a powerful methodology for streamlining processes and improving collaboration between development and operations teams. However, as organizations shift towards this model, a critical aspect is often overlooked: security. This led to the advent of DevSecOps, an approach that aims to bridge the gap by integrating security practices into DevOps workflows.
Read Post
Snyk

Introducing: Extensive AppSec visibility with Snyk Analytics

Oct 17, 2024 By Seth Rosen In Snyk
Your developer team is growing rapidly, and modern applications are becoming increasingly complex. With the rise of GenAI, both developer productivity and security risks are on the rise; How can your application security stay ahead? Snyk Analytics is our most powerful solution yet for AppSec leaders seeking to gain the visibility and insights needed to proactively address security threats.
Read Post
cycognito

Emerging Security Issue: Multiple Palo Alto Networks Expedition PAN-OS Firewalls Vulnerabilities

Oct 16, 2024 By Emma Zaballos In CyCognito
On October 9th, 2024, five vulnerabilities were disclosed by Palo Alto Networks: These vulnerabilities affect Palo Alto Networks Expedition, a tool that manages configuration migration from supported vendors to Palo Alto Networks systems.
Read Post
cycognito

Emerging Security Issue: Multiple CUPS Vulnerabilities

Oct 16, 2024 By Emma Zaballos In CyCognito
On September 26, 2024, four critical vulnerabilities, CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177, were disclosed in the open-source printing system Common Unix Printing System (CUPS) and its components. Attackers can leverage the remote code execution (RCE) and input validation vulnerabilities as part of an attack chain.
Read Post
cycognito

Emerging Security Issue: Fortinet FortiOS CVE-2024-23113

Oct 16, 2024 By Emma Zaballos In CyCognito
CVE-2024-23113 is a critical (9.8) Fortinet FortiOS vulnerability allowing remote, unauthenticated attackers to execute arbitrary code or commands using specially crafted requests. The flaw uses an externally-controlled format string vulnerability in the FortiOS fgfmd daemon.
Read Post
Snyk

How Snyk is prioritizing developer experience

Oct 16, 2024 By Anthony Larkin In Snyk
Context switching can be security’s worst enemy. Today’s security practices require developer buy-in, and when security teams require developers to deviate from their established workflows to address issues, adoption becomes far less likely. To truly empower developers to find and fix vulnerabilities within their code, security teams must shift security even further left. It’s not enough to simply provide user-friendly tools and training around them.
Read Post
outpost 24

CTEM step-by-step guide | Stage two: Discovery

Oct 14, 2024 By Marcus White In Outpost 24
Welcome to our blog series on Continuous Threat Exposure Management (CTEM), where we dig into the five essential stages of implementing a robust CTEM program. Coined by Gartner in 2022, CTEM is a powerful process that can help continuously manage cyber hygiene and risk across your environment. It’s also a lot to think about when you’re starting out, so it helps to break things down.
Read Post
seemplicity

8 Obstacles to Effective Remediation Plan Execution

Oct 14, 2024 By Megan Horner In Seemplicity
We’ve all seen it happen: you create a solid remediation plan, map out the misconfigurations and vulnerabilities, and develop a plan to fix them, but when it comes time to execute, things start to fall apart. Why do remediation plans fail even when they seem solid on paper? The truth is, it’s often not the plan itself, but how it’s executed. Let’s break down the common obstacles that cause remediation efforts to go wrong and what you can do to avoid them.
Read Post

Common Ways Hackers Break In: Vulnerabilities You Need to Fix

Oct 14, 2024 By Sedara In Sedara
In this webinar, we explored the most common vulnerabilities that cybercriminals exploit to infiltrate systems. Topics included outdated software, weak passwords, misconfigured settings, and unpatched security flaws. We discussed which vulnerabilities pose the greatest risks and shared practical strategies to address them. Watch this recording to gain actionable insights into fortifying your defenses and reducing your organization's attack surface, which will help you stay ahead of potential breaches.
View Video
nucleus

Nucleus Security Positioned as a Growth Leader in Frost Radar: Application Security Posture Management, 2024

Oct 11, 2024 By Corey Tomlinson In Nucleus
In September 2024, Frost & Sullivan released its Frost Radar: Application Security Posture Management (ASPM), 2024, highlighting the leaders in this rapidly growing market. We’re proud to be recognized as a top player, reflecting our strong growth and impact in the ASPM space. Our customers use Nucleus to achieve a comprehensive and unified application security posture.
Read Post
Arctic Wolf

CVE-2024-9164: Critical Arbitrary Branch Pipeline Vulnerability in GitLab EE

Oct 10, 2024 By Andres Ramos In Arctic Wolf
On October 9, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab EE, identified as CVE-2024-9164. This flaw allows a remote attacker to run pipelines on arbitrary branches within a repository, which could potentially lead to code execution. A GitLab pipeline consists of a series of automated processes that execute in stages to build, test, and deploy code.
Read Post
Snyk

Foundations of trust: Securing the future of AI-generated code

Oct 10, 2024 By Danny Allan In Snyk
Generative artificial intelligence (GenAI) has already become the defining technology of the 2020s, with users embracing it to do everything from designing travel itineraries to creating music. Today’s software developers are leveraging GenAI en masse to write code, reducing their workload and helping reclaim their valuable time. However, it’s important developers account for potential security risks that can be introduced through GenAI coding tools.
Read Post
Snyk

Analyze Taint Analysis Faster with Improved Contextual Dataflow in Snyk Code

Oct 10, 2024 By Liran Tal In Snyk
Snyk Code is a powerful tool designed to help developers identify and automatically fix vulnerabilities in their source code. It eliminates flow interruptions and repeated work by detecting and resolving security issues in real time with over 80% autofixing accuracy. It integrates seamlessly with your development workflow, providing real-time feedback on security issues directly within your IDE, CLI, or SCM.
Read Post
armo

The vulnerability puzzle: understanding base images and their relationship to CVEs

Oct 10, 2024 By Jonathan Green In ARMO
Have you ever heard of CVEs? Maybe not by their acronym, but Common Vulnerabilities and Exposures, monitored by the CVE Program Mission, are everywhere. As of the writing of this article, there are over 220,000 CVE Records available—meaning many potential threats you could be exposed to. How can you ever protect your infrastructure against this reality? Well, the good news is, you usually don’t have to.
Read Post
astra

CVE-2024-47610: Stored XSS Vulnerability in InvenTree

Oct 9, 2024 By Aakanksha Khanna In Astra
Astra Security identified a vulnerability in the InvenTree Inventory Management System on October 2nd, 2024, which has since been patched. This vulnerability, CVE-2024-47610, is stored cross-site scripting (stored XSS) that targets versions of InvenTree below 0.16.5, where ‘Markdown,’ in the Notes feature, can enable attackers to run code. Cross-site scripting vulnerabilities allow a hacker to inject HTML code into an application and affect the users who intercept the code.
Read Post
kondukto

Ruby affected by CVE-2024-45409

Oct 9, 2024 By Kondukto Security Team In Kondukto
CVE-2024-45409 is a critical vulnerability in the Ruby-SAML (affecting versions up to 12.2 and from 1.13.0 to 1.16.0) and OmniAuth SAML libraries. It hence effectively poses a security risk for unpatched versions of GitLab (read more on the GitLab blog). This vulnerability arises from improper verification of the SAML Response signature. An attacker with access to any signed SAML document can forge a SAML Response or Assertion with arbitrary contents.
Read Post

The CUPS Vulnerability - The 443 Podcast - Episode 308

Oct 9, 2024 By WatchGuard In WatchGuard
This week on, Corey Nachreiner and Marc Laliberte cover the "9.9/10 severity vulnerability affecting most Linux systems" that a researcher disclosed last week and what it means for Linux systems administrators. They also discuss a research post into Kia's remote control systems and then end with a new act that was just introduced into the US Senate to secure the healthcare industry.
View Video
Snyk

SnykLaunch Oct 2024: Enhanced PR experience, extended visibility, AI-powered security, holistic risk management

Oct 8, 2024 By Anthony Larkin In Snyk
After almost a decade in business, we’ve had the opportunity to watch the software development industry change dramatically. Developers work with more moving parts than ever, relying on technologies like third-party resources and AI coding assistants to release sophisticated software on tight deadlines. While we’ve been talking about the relationship between development and security for the past decade, the DevSecOps conversation has shifted quite a bit.
Read Post
seemplicity

Navigating the Vulnerability Management Lifecycle Efficiently

Oct 7, 2024 By Jessica Amado In Seemplicity
Efficiently managing cyber security exposures and vulnerabilities is critical to keeping an organization’s most valuable assets secure. With cyber threats growing in complexity and volume, security teams are constantly challenged to manage an increasing workload while keeping risks at bay. Streamlining the vulnerability management lifecycle has never been more important.
Read Post
Arctic Wolf

Anatomy of a Cyber Attack: The PAN-OS Firewall Zero-Day

Oct 7, 2024 By Arctic Wolf In Arctic Wolf
On April 12, 2024, Palo Alto Networks published a security advisory detailing an actively exploited maximum severity zero-day vulnerability affecting the GlobalProtect feature of PAN-OS. Dubbed CVE-2024-3400, it was assigned the maximum critical severity score of 10.0 through the Common Vulnerability Scoring System (CVSS), meaning the potential for damage was large and the path to exploit was easy for cybercriminals.
Read Post
nucleus

GigaOm Radar Report 2024: Insights on Continuous Vulnerability Management

Oct 7, 2024 By Corey Tomlinson In Nucleus
As organizations face increasingly sophisticated cyber threats, the importance of Continuous Vulnerability Management (CVM) continues to grow. GigaOm’s latest Radar Report for Continuous Vulnerability Management provides an in-depth analysis of the current landscape, offering a comprehensive look at the solutions and vendors leading the charge in this critical space. The report assesses a variety of platforms based on key criteria such as feature set, ease of use, performance, and innovation.
Read Post
kondukto

Linux Kernel effected by CVE-2023-2163

Oct 4, 2024 By Kondukto Security Team In Kondukto
CVE-2023-2163 is a critical vulnerability in the Linux Kernel, specifically affecting kernel versions 5.4 and above (excluding 6.3). This vulnerability arises from incorrect verifier pruning in the Berkeley Packet Filter (BPF), leading to unsafe code paths being incorrectly marked as safe. The vulnerability has a CVSS v3.1 Base Score of 8.8, indicating its high severity. The consequences are arbitrary read/write in kernel memory, lateral privilege escalation and container escape.
Read Post
obrela

Vulnerability Assessment VS Penetration Testing: What's the difference?

Oct 4, 2024 By Obrela In Obrela
In cybersecurity, vulnerability assessment and penetration testing are often discussed together, but they serve distinct purposes in securing a network. Organizations looking to strengthen their cybersecurity defenses must understand the differences between the two, as well as when and how to use each. This blog explores the difference between vulnerability assessment and penetration testing, and why a combined approach can be essential in achieving the most robust security strategy.
Read Post
protecto

LLM Security: Leveraging OWASP's Top 10 for LLM Applications

Oct 4, 2024 By Rahul Sharma In Protecto
Large Language Models (LLMs) transform how organizations process and analyze vast amounts of data. However, with their increasing capabilities comes heightened concern about LLM security. The OWASP Top 10 for LLMs offers a guideline to address these risks. Originally designed to identify common vulnerabilities in web applications, OWASP has now extended its focus to AI-driven technologies. This is essential as LLMs are prone to unique LLM vulnerabilities that traditional security measures may overlook.
Read Post
Arctic Wolf

Rackspace Breach Linked to Zero-Day Vulnerability in ScienceLogic SL1's Third-Party Utility

Oct 4, 2024 By Andres Ramos In Arctic Wolf
On September 24, 2024, Rackspace, a managed cloud computing company providing cloud hosting, dedicated servers, and multi-cloud solutions, reported an issue with their Rackspace Monitoring product in the ScienceLogic EM7 (ScienceLogic SL1) Portal. Rackspace utilizes the ScienceLogic application as a third-party tool for monitoring certain internal services.
Read Post
nucleus

It's Here! The New Nucleus Security User Interface

Oct 4, 2024 By Scott Kuffer In Nucleus
At Nucleus Security, our goal has always been to deliver an intuitive and scalable vulnerability management platform. A critical part of this mission is ensuring that its user interface (UI) evolves to meet our customers’ needs. I’m pleased to announce that we recently rolled out an updated UI—an important first step in a series of planned improvements aimed at enhancing our users’ experience with the Nucleus platform.
Read Post
foresiet

Novel Exploit Chain Enables Windows UAC Bypass: Understanding CVE-2024-6769

Oct 4, 2024 By Foresiet In Foresiet
Researchers have uncovered a new vulnerability, tracked as CVE-2024-6769, which enables attackers to bypass Windows User Access Control (UAC) and elevate their privileges to gain full system control without triggering any alerts. This exploit, affecting Microsoft’s Windows platform, has sparked debate about whether UAC truly acts as a security boundary. While Microsoft does not classify this as a vulnerability, security experts warn organizations to be vigilant about the risks involved.
Read Post
securitysenses

Securing QR Codes: Protect Against Cyber Threats

Oct 4, 2024 By SecuritySenses In SecuritySenses
QR codes have become part of daily life, enabling quick access to websites and services with a single scan. However, this convenience also makes them a major target for cybercriminals who exploit their popularity. The hidden nature of QR data can easily redirect users to malicious content or phishing sites without their knowledge. With the growing risks tied to this technology, businesses need to implement more advanced security measures. Simple practices like regularly checking code destinations and verifying source authenticity can help reduce vulnerabilities.
Read Post
foresiet

Millions of Kia Vehicles Exposed to Remote Hacks via License Plate: The Growing Risk of Automotive API Vulnerabilities

Oct 3, 2024 By Foresiet In Foresiet
In an increasingly connected world, the lines between digital security and physical safety are rapidly blurring. The automotive industry, now more reliant on connectivity than ever before, faces a new wave of cybersecurity threats. Millions of Kia vehicles, ranging from the 2013 model year to 2025, were recently found to be vulnerable to remote hacking via license plate information.
Read Post
nucleus

Deduplicate Vulnerabilities with the Nucleus Platform's New CVEs Page

Oct 3, 2024 By Rob Gibson In Nucleus
Vulnerability management is often a complex task, particularly when using multiple scanning tools or dealing with the constant flow of new CVEs. Different scanners can uncover the same vulnerability but provide different insights or look at different metadata, making it look like one vulnerability is several without the proper context. We are excited to introduce the Nucleus CVEs Page, designed to enhance how your organization manages vulnerabilities across projects.
Read Post
Snyk

The mysterious supply chain concern of string-width-cjs npm package

Oct 3, 2024 By Liran Tal In Snyk
This story starts when Sébastien Lorber, maintainer of Docusaurus, the React-based open-source documentation project, notices a Pull Request change to the package manifest. Here’s the change proposed to the popular cliui npm package: Specifically, drawing our attention to the npm dependencies change that use an unfamiliar syntax: Most developers would expect to see a semver version range in the value of a package or perhaps a Git or file-based URL.
Read Post
splunk

My CUPS Runneth Over (with CVEs)

Oct 3, 2024 By Splunk Threat Research Team In Splunk
The Common Unix Printing System (CUPS), a standard component in nearly every Unix-like and Linux system, has recently come under scrutiny due to a series of critical vulnerabilities discovered by security researcher Simone Margaritelli. These issues, collectively known as the CUPS vulnerability, expose Linux and Unix environments to potential remote code execution and information disclosure risks.
Read Post
seemplicity

Enhanced Threat Exposure Management with Seemplicity and OX Security

Oct 2, 2024 By Kevin Swan In Seemplicity
Managing vulnerabilities across multiple domains, and especially application security, is a challenging task for enterprise organizations. Security teams often find themselves grappling with fragmented tools and data, leading to inefficiencies and potential blind spots. Seemplicity’s recent integration with Ox Security addresses this issue directly, offering a unified approach to vulnerability management that bridges the gap between security, development, and operations teams.
Read Post
Snyk

Proactive AppSec continuous vulnerability management for developers and security teams

Oct 2, 2024 By Liran Tal In Snyk
What are some of the growing cybersecurity risks in the modern software development landscape that keep CISOs busy? Developers and security teams face an ever-increasing array of threats, from sophisticated open source and vendor-controlled supply chain attacks to vulnerabilities introduced by AI-generated code like prompt injection and poor code security by GitHub Copilot.
Read Post
Snyk

Snyk named a 2024 Gartner Peer Insights Customers' Choice for Application Security Testing for the 3rd consecutive year

Oct 2, 2024 By Nina McClure In Snyk
Snyk, a leading provider in developer security, is excited to share that we’ve been named a Customers’ Choice in the 2024 Gartner Peer Insights Voice of the Customer for Application Security Testing for a third consecutive year. Gartner defines the Application Security Testing category as products and services designed to analyze and test applications for security vulnerabilities. This distinction is based on meeting or exceeding user interest, adoption, and overall experience.
Read Post
cycognito

Emerging Security Issue: HashiCorp Vault SSH CVE-2024-7594

Oct 1, 2024 By Emma Zaballos In CyCognito
CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine. The National Institute of Standards and Technology (NIST) has not yet evaluated this vulnerability’s CVSS score but HashiCorp assigned it a base score of 7.5 (high). An outside security researcher, Jörn Heissler, discovered an issue with the valid_principals field in Vault’s SSH secrets engine.
Read Post
indusface

RCE Zero Day Vulnerabilities in CUPS Put Linux Systems at Risk

Oct 1, 2024 By Vivek Chanchal In Indusface
A new series of vulnerabilities in the Common Unix Printing System (CUPS) threatens numerous Linux systems, potentially allowing remote code execution (RCE). This affects a wide range of platforms, including Debian, Red Hat, SUSE and macOS. The vulnerabilities—tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177—are believed to endanger over 76,000 devices, with estimates suggesting up to 300,000 could be affected.
Read Post
outpost 24

Exploiting trust: Weaponizing permissive CORS configurations

Oct 1, 2024 By Thomas Stacey In Outpost 24
If you’re a pentester, or a consumer of application security pentest reports, you’ll probably have come across Cross-Origin Resource Sharing (CORS) and its commonly associated misconfigurations. In either case, you’ll likely have quickly dismissed the finding because it resulted in yet another “recommendation” (a vulnerability without any impact).
Read Post
Snyk

Going beyond reachability to prioritize what matters most

Oct 1, 2024 By Jamie Smith In Snyk
Most modern applications contain a substantial number of open source packages, libraries, and frameworks. In fact, it's estimated that at least 80% of the source code in modern applications is from open source. In addition to relying heavily on commodity components to build applications, development teams often deploy these apps and services via community-sourced container base images.
Read Post
splunk

A Case Study in Vulnerability Prioritization: Lessons Learned from Large-Scale Incidents

Oct 1, 2024 By Audra Streetman In Splunk
There’s no way around it: vulnerability management is complex. As organizations become more reliant on software and applications, the sheer volume of known vulnerabilities has become more difficult to track, prioritize, and remediate. Adversaries have also become increasingly reliant on exploiting vulnerabilities in order to compromise organizations.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.