Foresiet, your trusted cybersecurity advisor, brings attention to the recent addition of a security flaw impacting Apache Flink to the Known Exploited Vulnerabilities catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Tracked as CVE-2020-17519, this vulnerability poses a significant risk due to its potential for active exploitation. Understanding the Vulnerability.

Foresiet, your go-to cybersecurity ally, is here to illuminate recent security updates from GitLab and offer essential guidance to ensure your digital defenses remain resilient against emerging threats. GitLab's Critical Vulnerability Patch and Security Updates.

In May 2024, new vulnerabilities have been identified in BIG-IP Next Central Manager, raising considerable security concerns. This discovery follows closely on the heels of a critical vulnerability revealed in April within Palo Alto's firewalls with enabled GlobalProtect feature, which permitted unauthorized command execution. These recent findings underscore the persistent challenges in ensuring cybersecurity defenses and prompt updates for security solutions themselves.

UAT4356 is a state-sponsored threat actor that targets perimeter network devices in government networks globally with a clear focus on espionage. Their first activity can be traced back to November 2023, although researchers found evidence that the group was testing its capabilities as early as July 2023. So far, the initial attack vector used by the group has not been able to be determined.

Organizations of all sizes need to be proactive in identifying and mitigating vulnerabilities in their networks. To help organizations better understand the value and process of a vulnerability scan, Trustwave’s Philip Pieterse, Managing Consultant for the Americas division of SpiderLabs and Dhervesh Singh, senior Security Consultant with SpiderLabs conducted a webinar exploring key offensive security testing methodologies: vulnerability scanning, penetration testing, and purple teaming.

In an era of digital innovation and technological advancements, robust application security has never been more crucial. As cyber threats continue to evolve, organizations must stay ahead of the curve to protect their sensitive data and maintain the security of their users. One project that can help in this process is OWASP (Open Web Application Security Project), a globally recognized non-profit organization dedicated to improving application security.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! There certainly has been an increasing number of VPN breaches of late, many of which are SSL based. Time to get rid?

In today's digital age, where interconnectivity is the norm, routers act as custodians of business information. These devices, which can sometimes be undervalued, control data traffic between our devices and the global network. However, recent events have highlighted vulnerabilities that may affect a large number of routers, raising concerns about the protection of sensitive information handled by enterprises.

On May 6th, 2024, researchers from the Leviathan Security Group published an article detailing a technique to bypass most VPN applications, assigned as CVE-2024-3661 with a High CVSS score of 7.6. Researchers have labeled this technique ‘decloaking’ as while the VPN tunnel remains connected, it allows attackers to trick many VPN clients into sending traffic via a side channel and not through the encrypted tunnel.