Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2024

cycognito

Emerging Threat: Palo Alto PAN-OS CVE-2024-3393

Dec 31, 2024 By Emma Zaballos In CyCognito
CVE-2024-3393 is a high severity (CVSS v4.0 score 8.7) Denial of Service (DoS) vulnerability affecting specific versions of Palo Alto Networks PAN-OS DNS Security feature. This vulnerability allows unauthenticated attackers to send malicious packets through the data plane of the firewall. This forces the firewall to reboot. Repeated attempts can force the firewall into maintenance mode, requiring security teams to manually reset the firewall and significantly disrupting operations.
Read Post
squarex

SquareX Researchers Expose OAuth Attack on Chrome Extensions Days Before Major Breach

Dec 30, 2024 By SquareX
SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago, SquareX reported large-scale attacks targeting Chrome Extension developers aimed at taking over the Chrome Extension from the Chrome Store.
Read Post
centripetal

Security Bulletin: Critical Remote Code Execution Vulnerability in Apache Struts [CVE-2024-53677]

Dec 30, 2024 By Lauren Farrell In Centripetal
A newly discovered critical vulnerability, CVE-2024-53677, in Apache Struts enables remote code execution (RCE) and is actively exploited in the wild using a publicly available Proof-of-Concept (PoC). Apache Struts is an open-source framework for building Java-based web applications. It helps developers create scalable software solutions, that powers everything from e-commerce websites to financial systems and government platforms.
Read Post

A Simple Guide to Building a Discord Bot! (Part 3)

Dec 30, 2024 By Snyk In Snyk
This is the third video of our series 'How to Build a Discord Bot'. In this video, we will be focussing on data storage and setting up a database to store our Wordle results in. Stay tuned for the next video where we will be deploying the bot, which will be able to run 24/7! Each video will be published one week from the previous.
View Video
indusface

Vulnerability Management Best Practices

Dec 26, 2024 By Karthik Krishnamoorthy In Indusface
With each organization facing over 30 critical or high-risk vulnerabilities per website/public-facing asset annually and 31% of these remaining open for over 180 days, the pressure to address vulnerabilities promptly is undeniable. Delays in patching not only increase the risk of breaches but also erode the trust of clients, vendors, and partners while compromising compliance efforts.
Read Post
astra

CVE-2024-47836: HTML Injection Vulnerability in Admidio User Management

Dec 24, 2024 By Prateek Kuber In Astra
On October 9, 2024, the security researchers at Astra Security found an HTML injection vulnerability in the messages section of the Admidio User Management solution. The vulnerability, assigned CVE-2024-47836, allows attackers to inject arbitrary HTML content into the application, which could manipulate webpage behavior, mislead users, and act as a precursor to further attacks.
Read Post
signmycode

OWASP Kubernetes Top 10 : Everything to know About Risks & Mitigation

Dec 24, 2024 By SignMyCode In SignMyCode
As open-source software, Kubernetes gives a platform to orchestrate containers or control application deployment in a containerized way, simplifying their running. It is a scalable and efficient system that automatically deploys and scales applications so the developers can focus on their coding. In contrast, the system takes care of other underlying infrastructure work.
Read Post

How to Build a Discord Bot in 16 Minutes (Part 2)

Dec 23, 2024 By Snyk In Snyk
This is the second video of our series 'How to Build a Discord Bot'. In this video, we will be learning about what Wordle is and how it works as well as building out the logic for the bot and testing it out. Stay tuned for the next video where we start using a database to store the Wordle results! Each video will be published one week from the previous.
View Video
cyberint

The ROI of Active Exposure Validation

Dec 22, 2024 By Nir Ben Eliezer In Cyberint
Organizations are overwhelmed by the sheer volume of vulnerabilities detected across their digital assets. Teams risk wasting time on low-impact issues while missing critical vulnerabilities that attackers could exploit. This inefficiency increases exposure to breaches and prolongs Mean Time to Resolution (MTTR). The diagram below shows the number of new vulnerabilities detected per quarter, from the year 2000 to Q1 2024, and the trend is not hard to see.
Read Post

Nucleus Security's Year-End Panel on Risk-Based Vulnerability Management

Dec 20, 2024 By Nucleus In Nucleus
In this Nucleus webinar, our panel of cybersecurity experts delves into the complexities and best practices for Risk-Based Vulnerability Management (RBVM) in modern organizations. Led by co-founder Scott Kuffer, the discussion covers the evolution of RBVM, the importance of a unified data approach, the role of automated tools, and effective metrics for vulnerability management. Insights from Cecil Pineda, Gregg Martin, and Steve Carter provide a comprehensive look at strategies for mitigating risks and improving security posture through enhanced vulnerability management processes into 2025.
View Video
cycognito

Emerging Threat: Apache Struts CVE-2024-53677

Dec 19, 2024 By Emma Zaballos In CyCognito
CVE-2024-53677 is a critical (9.5) remote code execution (RCE) vulnerability affecting Apache Struts, an open-source framework for building Java-based web apps. This vulnerability affects the framework’s file upload logic, allowing attackers to enable paths traversal and perform remote code execution using malicious files.
Read Post
nucleus

Making CIS Benchmarks Part of your Vulnerability Management Strategy

Dec 19, 2024 By Scott Kuffer In Nucleus
While vulnerability management is one of the few preventative practices in security, vulnerability patching is still a reactive process. It’s a continuous cycle of discovery, vendors releasing patches, and remediation teams applying those patches. What if there was a way to build in some proactivity to this endless reactive spiral?
Read Post
Arctic Wolf

CVE-2024-53677: Exploitation Attempts of Critical Apache Struts RCE Vulnerability Following PoC Release

Dec 18, 2024 By Andres Ramos In Arctic Wolf
On December 15, 2024, reports emerged that threat actors have begun attempting to exploit a recently disclosed critical vulnerability in Apache Struts (CVE-2024-53677) shortly after the publication of a Proof-of-Concept (PoC) exploit. Apache Struts is a widely used open-source web application framework for developing Java-based applications.
Read Post
Snyk

4 tips for securing GenAI-assisted development

Dec 18, 2024 By Sarah Conway In Snyk
Gartner predicts that generative AI (GenAI) will become a critical workforce partner for 90% of companies by next year. In application development specifically, we see developers turning to code assistants like Github Copilot and Google Gemini Code Assist to help them build software at an unprecedented speed. But while GenAI can power new levels of productivity and speed, it also introduces new threats and challenges for application security teams.
Read Post
Snyk

Did you make the *security* naughty or nice list this year?

Dec 18, 2024 By Mariah Gresham In Snyk
As we approach the end of the year, many of us are reflecting on what we accomplished in 2024 — what did we do well this year? What could we have done better? It's also the perfect time to reflect on how to improve your team’s security practices. Have you been staying ahead of threats or have you let a few vulnerabilities slip through the cracks?
Read Post
ionix

Exploited! Kerio Control's HTTP Response Splitting Vulnerability (CVE-2024-52875)

Dec 18, 2024 By Fara Hain In IONIX
CVE-2024-52875 is an HTTP Response Splitting vulnerability in Kerio Control. This flaw allows an attacker to inject malicious input into HTTP response headers by introducing carriage return (\r) and line feed (\n) characters. Such manipulation can cause the server to send multiple HTTP responses instead of one, leading to various attacks.
Read Post
outpost 24

Top three cyber threats that will persist in 2025

Dec 17, 2024 By Lydia Atienza In Outpost 24
As another year comes to an end, it’s not only Santa who brings presents for those on his nice list. These days, it’s quite common for well-known firms to publish their annual roundups of the most notable events that have taken place in the cybersecurity landscape, together with predictions of what can we expect in next twelve months.
Read Post
Arctic Wolf

Arctic Wolf Observes Targeting of Publicly Exposed Fortinet Firewall Management Interfaces

Dec 17, 2024 By Andres Ramos In Arctic Wolf
Since early December 2024, Arctic Wolf has been monitoring threat activity involving the malicious use of management interfaces on FortiGate firewall devices on the public internet. While our investigation into this activity is ongoing and the scope is yet to be fully determined, organizations running these products should ensure that they are adhering to security best practices for management access of firewall devices.
Read Post
Arctic Wolf

CVE-2024-12356: Critical Severity Command Injection Vulnerability in BeyondTrust Remote Support (RS) & Privileged Remote Access (PRA)

Dec 17, 2024 By Arctic Wolf In Arctic Wolf
On December 16, 2024, BeyondTrust published a security advisory outlining a vulnerability impacting their Remote Support (RS) and Privileged Remote Access (PRA) software. The flaw, CVE-2024-12356, is a critical severity command injection vulnerability. If successfully exploited it can allow an unauthenticated remote threat actor to execute underlying operating system commands within the context of the site user.
Read Post
securitysenses

Emerging Threats in Cybersecurity: Safeguarding Software from Evolving Risks

Dec 16, 2024 By SecuritySenses In SecuritySenses
In the digital-first landscape of today, cybersecurity threats are getting increasingly advanced and widespread, posing serious risks that could have adverse impacts on organizations the world over. Businesses are conducted through complex software systems and are increasingly susceptible to such attacks. Attackers continue refining their phishing scams and advanced persistent threats to exploit new vulnerabilities. Of the many, one such covert threat comprises malicious code, which recently has emerged as a permanent feature that requires proactive ways of lessening its impact.
Read Post
signmycode

Cross-Site Scripting (XSS) Explained: Types, Impacts, and Proven Prevention Strategies

Dec 12, 2024 By SignMyCode In SignMyCode
Today, in the cyber environment, web applications are irreplaceable; we use them for everything from banking to social networking. On the one hand, they have given new impetus to smooth internet traffic. Still, they carry the risk of vulnerabilities of the type of Cross-Site Scripting (XSS), one of the most destructive types of vulnerabilities for cyber security.
Read Post
Arctic Wolf

Cleo Releases Patches for Cleo MFT Zero-day Vulnerability

Dec 12, 2024 By Andres Ramos In Arctic Wolf
On December 11, 2024, Cleo released patches addressing the zero-day vulnerability recently observed in attacks targeting Cleo Managed File Transfer (MFT) products. This vulnerability allowed unauthenticated threat actors to import and execute arbitrary shell commands on Windows and Linux on affected devices by exploiting default settings of the Autorun directory. The fix is included in version 5.8.0.24, and is now available for Cleo Harmony, VLTrader, and Lexicom.
Read Post
Snyk

Snyk's risk-based approach to prioritization

Dec 11, 2024 By Daniel Berman In Snyk
Vulnerability identification is a key part of application security (AppSec). This process entails tracking and reporting the number of vulnerabilities found and fixed to give stakeholders clear insight into the organization’s security posture. However, identifying and monitoring vulnerabilities using traditional methods can make risk evaluation more difficult.
Read Post
Snyk

Ultralytics AI Pwn Request Supply Chain Attack

Dec 11, 2024 By Stephen Thoemmes In Snyk
The ultralytics supply chain attack occurred in two distinct phases between December 4-7, 2024. In the first phase, two malicious versions were published to PyPI: version 8.3.41 was released on December 4 at 20:51 UTC and remained available for approximately 12 hours until its removal on December 5 at 09:15 UTC. Version 8.3.42 was published shortly after on December 5 at 12:47 UTC and was available for about one hour before removal at 13:47 UTC.
Read Post
Arctic Wolf

Ivanti Patches Multiple Critical-Severity Vulnerabilities in Cloud Services Application

Dec 11, 2024 By Steven Campbell In Arctic Wolf
On December 10, 2024, Ivanti released updates for three critical-severity vulnerabilities impacting their Cloud Services Application. By chaining the vulnerabilities together, a threat actor could obtain administrative privileges via authentication bypass (CVE-2024-11639), which could then allow for remote code execution (CVE-2024-11172) and/or SQL injection (CVE-2024-11173).
Read Post
outpost 24

New RBAC feature offers granularity and flexibility for Outpost24's EASM customers

Dec 10, 2024 By Outpost 24 In Outpost 24
A new role-based access control (RBAC) feature has been added to Outpost24’s external attack surface management (EASM) solution. This opens up new possibilities for Outpost24 customers, allowing them to be more granular when it comes to configuring permissions for different roles.
Read Post
Snyk

How to mitigate SSRF vulnerabilities in Go

Dec 10, 2024 By Liran Tal In Snyk
Securing HTTP requests is crucial when developing Go applications to prevent vulnerabilities like Server-Side Request Forgery (SSRF). SSRF occurs when an attacker manipulates a server to make unintended requests, potentially accessing internal services or sensitive data. We will explore how to secure HTTP requests by employing URL parsing and validation techniques, and provide example code to fortify the http.Get HTTP GET request handler.
Read Post
Arctic Wolf

Arctic Wolf Labs Observes Threat Campaign Targeting Cleo MFT Products - Remediation Guidance

Dec 10, 2024 By Andres Ramos In Arctic Wolf
Update: Dec 11, 2024. Find the latest information in our follow-up security bulletin. On December 7, 2024, Arctic Wolf began observing a novel campaign exploiting Cleo Managed File Transfer (MFT) products across several customer environments. Initial indications of malicious activity in this campaign were identified as early as October 19, with a sharp increase in early December.
Read Post
Trustwave

When User Input Lines Are Blurred: Indirect Prompt Injection Attack Vulnerabilities in AI LLMs

Dec 10, 2024 By Tom Neaves In Trustwave
It was a cold and wet Thursday morning, sometime in early 2006. There I was sitting at the very top back row of an awe-inspiring lecture theatre inside Royal Holloway's Founder’s Building in Egham, Surrey (UK) while studying for my MSc in Information Security. Back then, the lecture in progress was from the software security module. The first rule of software security back then was never to trust user inputs.
Read Post
Snyk

Snyk-generated SBOMs now include license details for the open source libraries in your projects

Dec 9, 2024 By Jamie Smith In Snyk
We’re excited to announce that SBOMs (software bill of materials) generated by Snyk's tools will include license information! This new capability is part of our ongoing efforts in our Software Supply Chain Security solution. The developer-first tools in the solution help you gain a better understanding of your app’s supply chain, identify potential risks, and take the necessary steps to get ahead of them.
Read Post

Application Security 101: A Guide for Developers

Dec 9, 2024 By Snyk In Snyk
Most developers and companies believe their applications to be secure and understand the importance of security. However, year after year, they continue to push vulnerable code into production... In order to avoid these pitfalls and improve the overall security of our applications, we need to understand what application security (or AppSec) is all about. In this video, you will learn what application security is, why it's important and what you can do to keep your applications secure.
View Video
tripwire

Steps for Successful Vulnerability Management: Lessons from the Pitch

Dec 9, 2024 By Anthony Israel-Davis In Tripwire
When I was younger, I played a variety of team sports and enjoyed competing against opponents with my teammates. Winning was always a matter of applying sound tactics and strategy, attacking and defending well and using a blend of skill, talent and luck.
Read Post

API Vulnerabilities in Q3: Key Product Categories at Risk #APISecurity #AIAPIs #CyberSecurity

Dec 9, 2024 By Wallarm In Wallarm
Discover the most vulnerable product categories from Q3 and what they mean for API security: A rise in AI and machine learning API exploits, creating new challenges. Why enterprise hardware, DevOps tools, and legacy APIs like XML RPC remain primary targets. How categorizing vulnerabilities provides industry-specific guidance for better protection.
View Video
CalCom

Windows Zero-Day Threat: Protect Your NTLM Credentials

Dec 8, 2024 By John Gates In CalCom
A newly discovered zero-day vulnerability in Windows potentially exposes users across multiple Windows versions to credential theft. Discovered by 0patch researchers, this critical security flaw allows attackers to steal NTLM credentials through a deceptively simple method. The vulnerability affects a wide range of Windows systems, including: Technical details of the vulnerability are withheld to minimize exploitation risk until Microsoft issues a fix to minimize any further risk of exploitation.
Read Post

Exploitability in APIs: Patterns and Risks Uncovered #APIExploit #SecurityTools #APISecurity

Dec 5, 2024 By Wallarm In Wallarm
APIs are integral to modern technology but are often highly vulnerable. In this video, we discuss: The significance of a 7.5 CVSS score for common API vulnerabilities. How API design, aimed at accessibility, increases exploitability. Key patterns identified in over 200 API issues analyzed quarterly. Why securing your APIs is essential, no matter the risk level.
View Video
ionix

Exploited! NuPoint Unified Messaging (NPM) Component of Mitel MiCollab

Dec 5, 2024 By Nethanel Gelernter In IONIX
The NuPoint Unified Messaging (NPM) module in Mitel MiCollab versions up to 9.8 SP1 FP2 (9.8.1.201) is vulnerable to a path traversal attack caused by insufficient input validation. This vulnerability could be exploited by an unauthenticated attacker to gain unauthorized access to sensitive files, potentially allowing them to read, alter, or delete user data and critical system settings. The Mitel MiCollab Arbitrary File Read Vulnerability combines CVE-2024-41713 with another yet-to-be-assigned issue.
Read Post
Forward Networks

Find and Remediate PAN-OS Vulnerabilities in Seconds with Forward Enterprise

Dec 5, 2024 By Forward Networks In Forward Networks
The vulnerabilities CVE-2024-0012 and CVE-2024-9474 exploit weaknesses in the PAN-OS management interface, allowing attackers to bypass authentication and escalate privileges, potentially resulting in unauthorized control over network devices. Addressing these vulnerabilities quickly and effectively is critical to maintaining security and compliance.
Read Post
jfrog

Machine Learning Bug Bonanza - Exploiting ML Clients and "Safe" Model Formats

Dec 4, 2024 By Shachar Menashe In JFrog
In our previous blog post in this series we showed how the immaturity of the Machine Learning (ML) field allowed our team to discover and disclose 22 unique software vulnerabilities in ML-related projects, and we analyzed some of these vulnerabilities that allowed attackers to exploit various ML services.
Read Post
tigera

How Calico Vulnerability Management Works

Dec 4, 2024 By John Alexander In Tigera
In the ever-evolving Kubernetes landscape, security remains a paramount concern. Ensuring that your containers are free from vulnerabilities is crucial for maintaining the integrity and performance of your applications. This is where Calico Vulnerability Management steps in, offering a comprehensive solution designed to keep your Kubernetes environment secure from potential threats.
Read Post
Snyk

Seven steps to close coverage gaps with ASPM

Dec 3, 2024 By Daniel Berman In Snyk
The old adage “knowledge is power” holds especially true in the realm of AppSec. By remaining aware of the potential threats to applications and closing gaps in coverage, AppSec teams can demonstrate to leaders that they are in a solid position to protect vital assets. However, visibility is riddled with challenges, not the least of which are highly productive developers racing to market, often using AI-generated code that contains potential security issues.
Read Post
tripwire

Avoiding Pitfalls in Vulnerability Management: Key Insights and Best Practices

Dec 3, 2024 By Mieng Lim In Tripwire
Vulnerability management (VM) has always been a complex area of concern that requires continuous and active effort to work properly. This can make it challenging for organizations to maintain their VM strategies and solutions over time, as there are many angles to secure and processes to oversee. There are a wide range of potential ways that VM can go wrong, and it is essential for organizations to avoid the many pitfalls associated with it.
Read Post

How to Find and Remediate PAN-OS Vulnerabilities in Seconds with Forward Enterprise

Dec 3, 2024 By Forward Networks In Forward Networks
With Forward Enterprise, you can go from "I think my network is vulnerable" to "I know the exact details of my network's vulnerabilities and I have a clear path to prioritizing remediation". In this video, Mike shows how users can quickly find critical vulnerabilities like Palo Alto Networks' CVE-2024-0012 and CVE-2024-9474. ).
View Video

Web Shell Upload Via Extension Blacklist Bypass - Part 2

Dec 3, 2024 By VISTA InfoSec In VISTA InfoSec
Web shell attacks are a critical and growing threat, often evading traditional defenses. In this Part 2 of our exploration into web shell attacks, we uncover how attackers leverage extension blacklist bypasses to upload malicious web shells and compromise systems. Stay informed! Like, comment, and subscribe for more expert insights into cyber threats and effective defense strategies. For Collaboration and Business enquiries, please use the contact information below.
View Video
Arctic Wolf

CVE-2024-42448: Veeam Discloses Critical RCE Vulnerability in Service Provider Console

Dec 3, 2024 By Andres Ramos In Arctic Wolf
On December 3, 2024, Veeam disclosed a critical vulnerability within the Veeam Service Provider Console (VSPC), tracked as CVE-2024-42448, which was discovered during internal testing. VSPC is a management tool designed for service providers to manage customer backups. The vulnerability allows a remote threat actor to perform Remote Code Execution (RCE) on the VSPC server machine from an authorized VSPC management agent machine.
Read Post
Snyk

2024 Open Source Security Report: Slowing Progress and New Challenges for DevSecOps

Dec 3, 2024 By Jamie Smith In Snyk
Trust is the foundation of the open source community — but what happens when that trust is betrayed? When a backdoor vulnerability was found in a widespread Linux-based data compression tool, it nearly created an opportunity for malicious actors to seize control of countless computers worldwide. The vulnerability was introduced by a trusted contributor who, after years of building rapport with maintainers, ultimately exploited that trust.
Read Post
astra

Stored XSS Vulnerability in Dynamic Dashboard Paragraph Widget

Dec 2, 2024 By Prateek Kuber In Astra
Product Name: Dynamic Dashboard Vulnerability: Stored XSS Vulnerable Version: >= 3.0.0, < 3.0.1 CVE: CVE-2024-47817 On October 5, 2024, the security researchers from Astra discovered a severe Stored Cross-Site Scripting vulnerability in Dynamic Dashboard’s paragraph widget. The widget, used for text and markdown, has inadequate input sanitization allowing attackers to inject malicious code.
Read Post
astra

CVE-2024-9900: Stored XSS Vulnerability in Muddler's LocalAI

Dec 2, 2024 By Prateek Kuber In Astra
Product Name: Dynamic Dashboard Vulnerability: Stored XSS Vulnerable Version: >= 3.0.0, < 3.0.1 CVE: CVE-2024-47817 Astra Security researchers identified a vulnerability in LocalAI, an Open-Source OpenAI alternative. The vulnerability, CVE-2024-9900, is a stored Cross-Site Scripting issue affecting the LocalAI v2.21.1 prompts, which allow malicious scripts and payloads to be input.
Read Post
seemplicity

DevSecOps Tools for Cybersecurity Success

Dec 2, 2024 By Jessica Amado In Seemplicity
With DevSecOps, cybersecurity has become integrated into every phase of the software development lifecycle (SDLC). DevSecOps tools work across development, security, and operations siloes and enable these teams to work collaboratively, ensuring security vulnerabilities are addressed early and efficiently, reducing risks before they reach production.
Read Post
senseon

A SenseOn Advisory: PAN-OS zero-day vulnerabilities CVE-2024-9474 & CVE-2024-0012

Dec 2, 2024 By Daniela Lopez In SenseOn
On the 18th of November 2024, Palo Alto published advisories disclosing two vulnerabilities affecting the Web Management Interface in PAN-OS. The most critical of these vulnerabilities is CVE-2024-0012 with a severity rating of 9.3. Exploitation of this vulnerability allows a remote, unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.