Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

kondukto

Linux Kernel effected by CVE-2023-2163

Oct 4, 2024 By Kondukto Security Team In Kondukto
CVE-2023-2163 is a critical vulnerability in the Linux Kernel, specifically affecting kernel versions 5.4 and above (excluding 6.3). This vulnerability arises from incorrect verifier pruning in the Berkeley Packet Filter (BPF), leading to unsafe code paths being incorrectly marked as safe. The vulnerability has a CVSS v3.1 Base Score of 8.8, indicating its high severity. The consequences are arbitrary read/write in kernel memory, lateral privilege escalation and container escape.
Read Post
obrela

Vulnerability Assessment VS Penetration Testing: What's the difference?

Oct 4, 2024 By Obrela In Obrela
In cybersecurity, vulnerability assessment and penetration testing are often discussed together, but they serve distinct purposes in securing a network. Organizations looking to strengthen their cybersecurity defenses must understand the differences between the two, as well as when and how to use each. This blog explores the difference between vulnerability assessment and penetration testing, and why a combined approach can be essential in achieving the most robust security strategy.
Read Post
securitysenses

Securing QR Codes: Protect Against Cyber Threats

Oct 4, 2024 By SecuritySenses In SecuritySenses
QR codes have become part of daily life, enabling quick access to websites and services with a single scan. However, this convenience also makes them a major target for cybercriminals who exploit their popularity. The hidden nature of QR data can easily redirect users to malicious content or phishing sites without their knowledge. With the growing risks tied to this technology, businesses need to implement more advanced security measures. Simple practices like regularly checking code destinations and verifying source authenticity can help reduce vulnerabilities.
Read Post
foresiet

Millions of Kia Vehicles Exposed to Remote Hacks via License Plate: The Growing Risk of Automotive API Vulnerabilities

Oct 3, 2024 By Foresiet In Foresiet
In an increasingly connected world, the lines between digital security and physical safety are rapidly blurring. The automotive industry, now more reliant on connectivity than ever before, faces a new wave of cybersecurity threats. Millions of Kia vehicles, ranging from the 2013 model year to 2025, were recently found to be vulnerable to remote hacking via license plate information.
Read Post
nucleus

Deduplicate Vulnerabilities with the Nucleus Platform's New CVEs Page

Oct 3, 2024 By Rob Gibson In Nucleus
Vulnerability management is often a complex task, particularly when using multiple scanning tools or dealing with the constant flow of new CVEs. Different scanners can uncover the same vulnerability but provide different insights or look at different metadata, making it look like one vulnerability is several without the proper context. We are excited to introduce the Nucleus CVEs Page, designed to enhance how your organization manages vulnerabilities across projects.
Read Post
Snyk

The mysterious supply chain concern of string-width-cjs npm package

Oct 3, 2024 By Liran Tal In Snyk
This story starts when Sébastien Lorber, maintainer of Docusaurus, the React-based open-source documentation project, notices a Pull Request change to the package manifest. Here’s the change proposed to the popular cliui npm package: Specifically, drawing our attention to the npm dependencies change that use an unfamiliar syntax: Most developers would expect to see a semver version range in the value of a package or perhaps a Git or file-based URL.
Read Post
splunk

My CUPS Runneth Over (with CVEs)

Oct 3, 2024 By Splunk Threat Research Team In Splunk
The Common Unix Printing System (CUPS), a standard component in nearly every Unix-like and Linux system, has recently come under scrutiny due to a series of critical vulnerabilities discovered by security researcher Simone Margaritelli. These issues, collectively known as the CUPS vulnerability, expose Linux and Unix environments to potential remote code execution and information disclosure risks.
Read Post
seemplicity

Enhanced Threat Exposure Management with Seemplicity and OX Security

Oct 2, 2024 By Kevin Swan In Seemplicity
Managing vulnerabilities across multiple domains, and especially application security, is a challenging task for enterprise organizations. Security teams often find themselves grappling with fragmented tools and data, leading to inefficiencies and potential blind spots. Seemplicity’s recent integration with Ox Security addresses this issue directly, offering a unified approach to vulnerability management that bridges the gap between security, development, and operations teams.
Read Post
Snyk

Proactive AppSec continuous vulnerability management for developers and security teams

Oct 2, 2024 By Liran Tal In Snyk
What are some of the growing cybersecurity risks in the modern software development landscape that keep CISOs busy? Developers and security teams face an ever-increasing array of threats, from sophisticated open source and vendor-controlled supply chain attacks to vulnerabilities introduced by AI-generated code like prompt injection and poor code security by GitHub Copilot.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.