Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2024

nucleus

Nucleus Security Launches Nucleus Vulnerability Intelligence Platform to Accelerate Threat Assessment and Risk Mitigation

Jul 31, 2024 By Nucleus In Nucleus
Nucleus Security announces the launch of its Nucleus Vulnerability Intelligence Platform. Nucleus Vulnerability Intelligence Platform enables enterprises to aggregate, analyze, and act on insights from government, open-source, and premium threat intelligence feeds while reducing manual effort, accelerating threat assessment, and promoting proactive remediation.
Read Post
Zenity

Utilizing Zenity's Security Suite to Detect and Mitigate AI Vulnerabilities in Real-Time

Jul 31, 2024 By Andrew Silberman In Zenity
AI has completely changed how we live, work and play. With its unparalleled efficiency, ongoing learning abilities and its detailed precision, it makes short work out of what used to be more complex and cumbersome tasks. Although AI systems are incredibly powerful and only growing in capacity and scale, they’re not without their challenges. Like other types of programs and infrastructures, AI is not immune to vulnerabilities and security issues.
Read Post
Arctic Wolf

Multiple Critical Vulnerabilities in SolarWinds Access Rights Manager Responsibly Disclosed to Vendor

Jul 31, 2024 By Stefan Hostetler In Arctic Wolf
On July 17, 2024, SolarWinds published a security advisory detailing multiple critical vulnerabilities in its Access Rights Manager (ARM) software. These vulnerabilities were responsibly disclosed to SolarWinds by researchers working with Trend Micro’s Zero Day Initiative (ZDI). The vulnerabilities have CVSS scores ranging between 7.6 to 9.6. The disclosed vulnerabilities allow for remote code execution (RCE), directory traversal, information disclosure, and authentication bypass.
Read Post
nucleus

Operationalize EPSS Scoring to Build Mature and Proactive Vulnerability Management

Jul 30, 2024 By Corey Tomlinson In Nucleus
Cybersecurity teams across all disciplines, including vulnerability management, are challenged to move faster than ever before. Whether it’s responding to a security incident, finding a new vulnerability, or stopping an attack, speed is at a premium.
Read Post
wallarm

CVE-2024-41110: Once Again, Docker Addresses API Vulnerability That Can Bypass Auth Plugins

Jul 30, 2024 By Wallarm In Wallarm
A significant vulnerability (CVE-2024-41110) was recently discovered in Docker Engine version 18.09.1.Although the issue was identified and fixed in 2019, the patch did not apply to other major versions, resulting in regression. The vulnerability was assigned a CVSS score of 10 (critical).
Read Post
Trustwave

Multiple Cross-Site Scripting (XSS) Vulnerabilities in REDCap (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396)

Jul 30, 2024 By Hamza Hussain In Trustwave
Trustwave SpiderLabs uncovered multiple stored cross-site scripting (XSS) vulnerabilities (CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396) in REDCap (Research Electronic Data Capture), a widely used web application for building and managing online surveys and databases in research environments. These vulnerabilities, if exploited, could allow attackers to execute malicious JavaScript code in victims' browsers, potentially compromising sensitive data.
Read Post
tanium

How To Identify, Contain, and Remediate Zero-Day Risks and Get back to Your Day Job in 30 Minutes

Jul 30, 2024 By Tanium In Tanium
WannaCry, Log4j, Follina, Spring4Shell — these incidents send shivers down the spines of anybody who works in IT or security. Zero-day vulnerabilities are unknown or unaddressed exploitable software or hardware security flaws that are typically unknown to the vendor and for which no patch or other fix is yet available.
Read Post
Snyk

Preventing SQL injection in C# with Entity Framework

Jul 30, 2024 By Brian Vermeer In Snyk
SQL injection (SQLi) is one of the most severe security vulnerabilities in web applications. It occurs when an attacker is able to manipulate the SQL queries executed by an application by injecting malicious SQL code into user input fields. SQLi can lead to unauthorized access to sensitive data, data corruption, or even complete control over the database server.
Read Post
bitsight

Don't RegreSSH: An Anti-Pavlovian Approach to Celebrity Vulns

Jul 30, 2024 By Ben Edwards In BitSight
Before Crowdstrike caused the world to melt down for a few days, the talk of the security town was a recent OpenSSH vulnerability (CVE-2024-6387). Dubbed by its celebrity name regreSSHion, it is a Remote Code Execution vulnerability in some versions of OpenSSH discovered by the Qualys Threat Research Unit on July 1, 2024. Specifically, versions of OpenSSH compiled against the glibc library, which is to say “probably most of them”, were impacted.
Read Post
Arctic Wolf

CVE-2024-6327: Critical RCE Vulnerability in Progress Telerik Report Server

Jul 29, 2024 By Andres Ramos In Arctic Wolf
On July 24, 2024, Progress published a knowledge base article disclosing a critical vulnerability (CVE-2024-6327) impacting Telerik Report Server, a product by Progress designed for streamlined report management within organizations. This vulnerability can lead to remote code execution (RCE) due to the deserialization of untrusted data. Arctic Wolf has not identified a publicly accessible proof of concept (PoC) exploit or active exploitation of this vulnerability. However, most notably.
Read Post

GitHub Copilot Makes You Vulnerable

Jul 29, 2024 By Snyk In Snyk
Did you know that GitHub Copilot may suggest insecure code if your existing codebase contains security issues? While giving AI tools better examples to learn from can improve their behavior, it doesn't guarantee protection or guardrails against security vulnerabilities. Today, we are taking a look at how AI tools, such as Copilot, can be unsafe and what you can do to keep your projects secure. Resources.
View Video
wallarm

Zero-Day Marketplace Explained: How Zerodium, BugTraq, and Fear contributed to the Rise of the Zero-Day Vulnerability Black Market

Jul 27, 2024 By Wallarm In Wallarm
Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability. However, every time a flaw being actively exploited is discovered, code red is punched as the organization’s IT team officially has a Zero-Day vulnerability/exploit on their hands! A zero-day vulnerability is a software vulnerability discovered by attackers before the vendor has become aware of it.
Read Post
indusface

Business Logic Vulnerability - Examples and Attack Prevention

Jul 26, 2024 By Venkatesh Sundar In Indusface
Breaking into an organisation’s IT infra doesn’t always require complex methods. Hackers often exploit normal applications and API functions in unexpected ways to access sensitive data. For example, the 2019 Venmo breach involved the exploitation of an open API to scrape millions of payment records. A design oversight in the API allowed attackers to exploit its normal functions in an unintended manner—scraping payment records without proper authorization.
Read Post
Snyk

Repo Jacking: The Great Source-code Swindle

Jul 25, 2024 By Elliot Ward In Snyk
In this post, we explore a powerful, yet widely unknown attack vector which has emerged in the last couple of years known as ‘Repo Jacking’. During our research, we discovered the enormous potential to compromise software components with tens of millions of downloads across the Terraform IaC (Infrastructure as Code) and Composer (PHP package registry) ecosystems. Despite its power, Repo Jacking remains under-researched and frequently misunderstood.
Read Post
nucleus

Nucleus & Cycode Integration Delivers Unified Vulnerability Management and Application Security

Jul 25, 2024 By Adam Dudley In Nucleus
As modern enterprise IT environments become more complex, the need for robust cybersecurity measures continues to grow. Because of this expanding complexity, DevSecOps functions are more common, requiring the integration of security into the application development lifecycle. Application Security Posture Management (ASPM) solutions offer a unified framework for securing the diverse application environment and merging security into the application development process.
Read Post
outpost 24

Threat group USDoD claims to leak CrowdStrike threat actor database

Jul 25, 2024 By KrakenLabs In Outpost 24
The threat group USDoD posted on a dark web forum on July 24th to claim they’ve got hold of a large database of threat actors compiled by CrowdStrike. So far, the threat actor has released only a small sample of the data, but the forum post below claims that over 250 million records have been exposed. This could provide information on the aliases, recent activities, origins, and motivations of various cybercriminal groups and state-sponsored actors.
Read Post
outpost 24

Cross-site scripting vulnerability found in Oracle Integration Cloud

Jul 24, 2024 By Filip Nyquist In Outpost 24
In November 2023, while conducting a security assessment on a client’s instance of the Oracle Integration Cloud Platform, I discovered a medium severity vulnerability nestled within the handling of the “consumer_url” URL parameter. This flaw unveiled a Cross-Site Scripting (XSS) vector that could be exploited by a user with malicious intent.
Read Post
tripwire

The Dual Impact of AI on Power Grids: Efficiency and Vulnerability

Jul 24, 2024 By Emily Newton In Tripwire
Artificial intelligence (AI) has emerged as a promising solution to modernize power grids. The technology, alongside other upgrades like Internet of Things (IoT) connectivity, could make energy infrastructure more reliable and sustainable. However, AI power grids also pose significant cybersecurity risks. Attacks against critical infrastructure are becoming more common. As energy authorities ramp up their investments in AI, they should pay attention to these risks to enable a safer tech transformation.
Read Post
Arctic Wolf

CVE-2024-20401 and CVE-2024-20419: Critical Vulnerabilities in Cisco Secure Email and Cisco Smart Software Manager On-Prem

Jul 23, 2024 By Stefan Hostetler In Arctic Wolf
On July 17, 2024, Cisco publicly disclosed critical vulnerabilities in Cisco Secure Email Gateway (SEG) and Cisco Smart Software Manager On-Prem (SSM), identified as CVE-2024-20401 and CVE-2024-20419 respectively. Both of these vulnerabilities may allow for unauthenticated administrative actions to be taken by threat actors when exploited.
Read Post
lookout

Best Practices for Effective Vulnerability Management

Jul 23, 2024 By Lookout In Lookout
When it comes to the world of cybersecurity, vulnerabilities are everywhere, just waiting to be exploited. Vulnerability management is the systematic process of identifying, assessing, prioritizing, and mitigating security vulnerabilities in IT systems, applications, and networks. It aims to reduce the risk of exploitation by continuously monitoring for weaknesses and applying necessary security measures.
Read Post

4 Hidden AI Coding Risks and How to Address Them

Jul 22, 2024 By Snyk In Snyk
96% of developers and security professionals out there are using AI coding tools today like ChatGPT and GitHub Copilot. But they are forgetting one thing. Is that generated code safe and secure? Today, we're taking a look at four hidden risks of AI-generated code and how you can protect your projects from these pitfalls.
View Video

Carlsberg Group Transforms Remediation Operations with Seemplicity | Customer Testimonial

Jul 21, 2024 By Seemplicity In Seemplicity
Discover how Carlsberg Group transformed their cybersecurity operations with Seemplicity's Remediation Operations (RemOps) platform. In this exclusive customer testimonial, Carlsberg's Cloud Security Architect, Venicia Solomons, shares her experience and the significant impact Seemplicity has had on Carlsberg's Remediation Operations.
View Video
redscan

A guide to the OWASP TOP 10 for large language model applications

Jul 19, 2024 By Mark Nicholls In Redscan
Attackers are increasingly targeting vulnerabilities within large language models (LLMs) used to recognise and generate text. In response to the growing risk, the recently launched OWASP Top 10 for LLMs covers the key vulnerabilities within these types of AI applications. Read our guide to learn more about the most critical vulnerabilities and how to reduce AI security risks.
Read Post
Snyk

How to setup Deno Dev Container on GitHub Codespaces?

Jul 18, 2024 By Liran Tal In Snyk
If you’ve been searching for guides and tutorials on getting started with Deno web development in a cloud IDE such as GitHub Codespaces, you’ve come to the right place. In this post, we will be exploring the world of Deno, GitHub Codespaces, and Dev Containers, providing you with the knowledge you need to set up your development environment effectively and efficiently in the cloud.
Read Post
indusface

CVE-2024-27348 - A Critical RCE Vulnerability in Apache HugeGraph Server

Jul 18, 2024 By Vivek Chanchal In Indusface
Apache HugeGraph-Server, a popular open-source graph database tool, has been found to have a critical security vulnerability tracked as CVE-2024-27348. The vulnerability allows remote code execution (RCE), giving attackers the ability to execute arbitrary commands on vulnerable servers. This blog explores the details of this vulnerability, its impact, and the necessary mitigation steps to protect affected systems.
Read Post
securitysenses

Advanced Vulnerability Assessments: Beyond Penetration Testing

Jul 17, 2024 By SecuritySenses In SecuritySenses
Sensitive information must be protected from constantly evolving cyber threats in the digital age. For companies of all sizes, this is an imperative and not just a desirable objective. A sound, proactive approach to cybersecurity involves "stress-testing" an organization's defenses to see where they can be penetrated-by whom, and using what techniques.
Read Post
Arctic Wolf

CVE-2024-4879, CVE-2024-5178, CVE-2024-5217: ServiceNow MID Server Vulnerabilities Resulting in Unauthorized Code Execution

Jul 17, 2024 By Stefan Hostetler In Arctic Wolf
On July 10, 2024, ServiceNow disclosed a series of critical vulnerabilities impacting their platform, identified as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217. These vulnerabilities were responsibly disclosed to ServiceNow in May 2024 by Assetnote, a cybersecurity firm. ServiceNow responded by patching hosted instances in June 2024.
Read Post
Snyk

10 Dimensions of Python Static Analysis

Jul 17, 2024 By Liran Tal In Snyk
Python static analysis, also known as "linting", is a crucial aspect of software development. It involves inspecting your Python code without running it to identify potential bugs, programming errors, stylistic issues, or non-adhering patterns to predefined coding standards. It also helps identify vulnerabilities early in the development process, reducing the chances of deploying insecure code into production.
Read Post
bitsight

What ended up on the cutting room floor after we sliced and diced the KEV

Jul 16, 2024 By Ben Edwards In BitSight
In the course of a major research rollout like my recent whitepaper on KEV vulnerabilities, I frequently end up doing some bit of analysis that doesn’t make it into the final doc. Usually, it is because I am dealing with limited space and attention spans, and I gotta stop sometime. The stuff that gets cut is usually not terribly compelling or surprising or is maybe more an artifact of the particular bias in our sample or is only interesting to a very small audience.
Read Post
cyberark

Identity Crisis: The Curious Case of a Delinea Local Privilege Escalation Vulnerability

Jul 16, 2024 By Brenden Meeder In CyberArk
During a recent customer engagement, the CyberArk Red Team discovered and exploited an Elevation of Privilege (EoP) vulnerability (CVE-2024-39708) in Delinea Privilege Manager (formerly Thycotic Privilege Manager). This vulnerability allowed an unprivileged user to execute arbitrary code as SYSTEM. CyberArk responsibly disclosed this vulnerability to Delinea, including the exploit proof of concept (POC) code, as part of our commitment to contributing to the security community.
Read Post
Snyk

Suspicious Maintainer Unveils Threads of npm Supply Chain Attack

Jul 16, 2024 By Liran Tal In Snyk
This story starts when Sébastien Lorber, maintainer of Docusaurus, the React-based open-source documentation project, notices a Pull Request change to the package manifest. Here’s the change proposed to the popular cliui npm package: Specifically, drawing our attention to the npm dependencies change that use an unfamiliar syntax: Most developers would expect to see a semver version range in the value of a package or perhaps a Git or file-based URL.
Read Post
levelblue

CVE-2024-30078: Patch Your Wi-Fi Now!

Jul 16, 2024 By Kushalveer Singh Bachchas In LevelBlue
The relentless battle against cyber threats continues, and CVE-2024-30078 stands as a stark reminder of the ever-present need for vigilance. A critical vulnerability (CVE-2024-30078) has been identified in Wi-Fi drivers for various Microsoft Windows versions. This flaw allows attackers within Wi-Fi range to remotely execute malicious code (RCE) on vulnerable systems. Immediate patching is recommended.
Read Post
nucleus

Build Better Vulnerability Management with Threat and Vulnerability Intelligence

Jul 15, 2024 By Corey Tomlinson In Nucleus
The goal of every vulnerability management program is to reduce the risk posed by vulnerabilities that exist in the organization’s environments. You can achieve this goal in two ways. The first is to move faster, remediating vulnerabilities faster than they can arise. The problem with this approach is that it doesn’t work. It is inefficient, expensive, and impractical. There are simply too many vulnerabilities.
Read Post

The Ultimate Guide to Finding the Best Open Source Packages

Jul 15, 2024 By Snyk In Snyk
Struggling to find the right open source package for your project? don't worry! After watching this video, you'll have a foolproof way to evaluate and choose the best ones with ease! Resources Chapters About Snyk Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
View Video

Best Practices for Supply Chain Security in Response to Polyfill.io Attack

Jul 14, 2024 By Snyk In Snyk
Watch the full video for more... About Snyk Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure. Connect with Us Hashtags.
View Video
tanium

The 5 Advantages of Transitioning from Legacy Patching & Vulnerability Management Tools to Modern Solutions

Jul 12, 2024 By Tanium In Tanium
Transitioning from legacy vulnerability management tools to modern solutions like Tanium offers improved endpoint visibility, cost savings, streamlined operations, real-time data, and automated remediation, enhancing overall cybersecurity posture.
Read Post
Arctic Wolf

CVE-2024-6385: Critical Unauthorized Pipeline Job Vulnerability in GitLab

Jul 12, 2024 By Andres Ramos In Arctic Wolf
On July 10, 2024, GitLab issued an advisory regarding a critical vulnerability (CVE-2024-6385) in GitLab CE/EE that had been reported to them through a bug bounty program. This vulnerability allows a threat actor to trigger a GitLab pipeline as another user under certain circumstances. A GitLab pipeline is a collection of automated processes that run in stages to build, test, and deploy code.
Read Post
Snyk

How to secure an S3 bucket on AWS?

Jul 12, 2024 By Liran Tal In Snyk
Amazon Web Services (AWS) Simple Storage Service (S3) has become a cornerstone in the world of cloud storage. It offers scalability, high availability, and performance, making it a go-to choice for businesses of all sizes. However, as with any cloud service, security is paramount. This is where the question of "how to secure an S3 bucket" comes into play. Securing your S3 buckets is not just about protecting your data from unauthorized access.
Read Post
foresiet

GitLab Patches Critical Vulnerability Allowing Unauthorized Pipeline Jobs

Jul 11, 2024 By Foresiet In Foresiet
GitLab has released a new series of updates to address critical security flaws in its software development platform. Among these, a severe vulnerability tracked as CVE-2024-6385 has been identified, allowing attackers to run pipeline jobs as arbitrary users. This blog will detail the nature of these vulnerabilities, their impact, and the steps GitLab has taken to mitigate them. Critical Vulnerability: CVE-2024-6385.
Read Post
Snyk

A stepping stone towards holistic application risk and compliance management of the Digital Operational Resiliency Act (DORA)

Jul 11, 2024 By Ben Desjardins In Snyk
In today's increasingly digital world, where businesses rely heavily on technology for core operations, the European Union's Digital Operational Resilience Act (DORA) establishes a comprehensive framework to manage Information and Communication Technology (ICT) related risks and ensure business continuity for financial institutions and critical service providers.
Read Post
indusface

Polyfill Supply Chain Attack Hits 100K Websites

Jul 11, 2024 By Vinugayathri Chinnasamy In Indusface
Over 100,000 websites fell victim to a recent web supply chain attack through the Polyfill JavaScript library. This incident underscores significant vulnerabilities in third-party script integration across the web. This article covers what Polyfill does, why it’s now a threat, and the steps you should take if your website relies on it.
Read Post

Uncover vulnerabilities in C# applications using Coverity Rapid Scan Static | Synopsys

Jul 11, 2024 By Synopsys In Synopsys
In this video you will discover how Coverity’s Rapid Scan Static Analysis can help developers find and fix vulnerabilities in their code early in the development cycle by providing quick feedback on the most impactful issues. This new update in the Coverity 2024.6.0 release highlights how developers can run quick scans for C# applications via the Coverity Rapid Scan Static engine; returning quick and accurate static analysis results related to issues such as deserialization, hardcoded secrets, unsafe API calls, single-file data flow, etc. at record speeds.
View Video

SSH Snake - Tanium Tech Talks #95

Jul 10, 2024 By Tanium In Tanium
In January of 2024 the #Linux / Unix world was rocked by a script that worms its way through insecure SSH connections to map your environment. A team of two Tanium SMEs built content that you need to find and map your exposure, giving you the information necessary to remediate your environment. But #Windows and #MacOS are not off the hook. SSH services on other platforms have the same exposure. Use this Tanium content to find the issue everywhere it is applicable.
View Video

OpenSSH regreSSHion Vulnerability - The 443 Podcast - Episode 296

Jul 10, 2024 By WatchGuard In WatchGuard
This week on #the443podcast, Corey Nachreiner and Marc Laliberte cover OpenSSH's recent critical vulnerability and what it means for systems administrators. Before that, we discuss the CDK Global ransomware attack impacting car dealerships across the U.S., a Korean internet service provider delivering malware to their customers, and a takeover of a popular JavaScript library gone hostile.
View Video
veracode

Quantifying the Probability of Flaws in Open Source

Jul 10, 2024 By Chris Eng In Veracode
Jay Jacobs and I recently delivered an RSA presentation called Quantifying the Probability of Flaws in Open Source. Since many people didn’t get a chance to see it, I thought I’d summarize some of the findings here for posterity. The question we investigated was simple, at least conceptually: what are the red flags of an open-source repository? Are there characteristics of a given open source library that would reliably indicate it was safer than others?
Read Post
Snyk

Going beyond "shift left" to extend AppSec in all directions

Jul 9, 2024 By Ben Desjardins In Snyk
A week before RSA 2024, Forrester predicted which subjects and themes would come to the forefront of the conference. They emphasized that we’d see a focus on proactive security, defined as “a strategic approach to controlling security posture and reducing breaches through strong visibility, prioritization, and remediation.” I went into the conference with this prediction in mind. However, I was surprised by what I found.
Read Post
cycognito

Polyfill.io and Software Supply Chain Security: A Cautionary Tale

Jul 8, 2024 By Ansh Patnaik In CyCognito
Over 100,000 websites using a popular JavaScript service (polyfill.io) are now victims of a web supply chain attack. A web supply chain attack is a cyberattack is a type of software supply chain attack that targets a third-party web software component to gain access to an organization’s systems or data. These attacks can be difficult to prevent because they can be hard to detect, take advantage of trust, and have long-lasting effects.
Read Post
cyphere

OWASP Penetration Testing: Methodology, Kit, Checklist (Downloadable)

Jul 8, 2024 By Harman Singh In Cyphere
Software security is key to the online world’s survival. Collaborative efforts of cybersecurity professionals and volunteers have come together to create the OWASP web security testing guide. Malicious actors constantly threaten web applications, the backbone of many businesses. OWASP penetration testing is crucial for identifying and addressing these security vulnerabilities.
Read Post

Uncovering the Polyfill.io Supply Chain Attack

Jul 8, 2024 By Snyk In Snyk
In this video, we will be uncovering how a sneaky supply chain attack on the JavaScript Polyfill.io service compromised websites across the globe, including big names like Intuit, Square, the U.S. government and more. Stay tuned to find out how the attack occurred and what you can do to prevent it!
View Video
wallarm

CVE-2024-6387: New OpenSSH RegreSSHion Vulnerability Gives Hackers Root Access on Linux Servers - 700,000+ Linux Boxes Potentially at Risk

Jul 6, 2024 By Wallarm In Wallarm
Labeled as CVE-2024-6387, the recently discovered vulnerability in OpenSSH has become a serious cause for concern among Linux servers. OpenSSH is a collection of networking tools built on the Secure Shell (SSH) protocol. It is widely utilized to secure remote logins, manage and administer remote servers, and transfer files through SCP and SFTP. Nicknamed as the “RegreSSHion Bug”, Researchers at Qualys initially identified the vulnerability in May 2024.
Read Post
sysdig

CVE-2024-6387 - Shields Up Against RegreSSHion

Jul 4, 2024 By ashish chakrabortty In Sysdig
On July 1st, the Qualys’s security team announced CVE-2024-6387, a remotely exploitable vulnerability in the OpenSSH server. This critical vulnerability is nicknamed “regreSSHion” because the root cause is an accidental removal of code that fixed a much earlier vulnerability CVE-2006-5051 back in 2006. The race condition affects the default configuration of sshd (the daemon program for SSH).
Read Post
cato networks

CVE-2024-6387 OpenSSH RCE vulnerability ("regreSSHion") - Cato Networks impact and analysis

Jul 4, 2024 By Vadim Freger In Cato Networks
TL; DR – Multiple versions of OpenSSH are vulnerable to remote code execution. There is no working public PoC, and researchers have only been able to exploit the vulnerability under unique lab conditions. Cato Sockets by default do NOT have a publicly exposed SSH interface, it is always recommended to keep Cato Sockets LAN interface exposed only internally and use comprehensive network access controls to manage SSH access.
Read Post
cyberint

CVE-2024-6387 - RCE Vulnerability in OpenSSH

Jul 3, 2024 By Research Team In Cyberint
A high-severity remote code execution (RCE) vulnerability, CVE-2024-6387, has been discovered in OpenSSH’s server by the Qualys research team. This vulnerability is particularly concerning as it revives an issue that was previously addressed in 2006, highlighting the persistence of hidden bugs in widely used secure software. This discovery follows another significant vulnerability in the XZ Utils library found just a few months ago, underscoring ongoing security challenges.
Read Post
outpost 24

Five key takeaways from Outpost24's Cyber Resilience Day 2024

Jul 3, 2024 By Outpost 24 In Outpost 24
Held in Breda, Netherlands, this year’s Cyber Resilience Day convened industry leaders and cybersecurity experts to address the topic of supply chain attacks and the latest digital threats. The event showcased a series of keynote speeches, panel discussions, and interactive workshops, equipping attendees with valuable insights and actionable strategies to strengthen their organizations’ cyber resilience.
Read Post
gitguardian

CVE of the month, the supply chain vulnerability hidden for 10 years CVE-2024-38368

Jul 3, 2024 By Mackenzie Jackson In GitGuardian
For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or so it seems. This month we are taking a look at CVE-2024-38368.
Read Post
levelblue

Deep Dive into Blockchain Security: Vulnerabilities and Protective Measures

Jul 3, 2024 By Kushalveer Singh Bachchas In LevelBlue
Blockchain technology, renowned for its decentralized and immutable nature, promises enhanced security for various applications. However, like any technology, it is not without vulnerabilities. This in-depth examination explores the security aspects of blockchain, identifies common vulnerabilities, and outlines the measures needed to secure blockchain applications effectively.
Read Post
detectify

Security Update: Critical CUPS Vulnerability

Jul 3, 2024 By Detectify In Detectify
A critical chained vulnerability (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177) has been detected within the open-source printing system CUPS (present in most Linux distributions). Attackers can achieve remote code execution, potentially leading to complete control of the vulnerable system. Detectify customers can assess whether their systems are running affected versions of CUPS.
Read Post
Arctic Wolf

CVE-2024-3937: Maximum Severity Authentication Bypass Vulnerability in Juniper Routers

Jul 2, 2024 By Andres Ramos In Arctic Wolf
On June 28, 2024, Juniper released fixes for a critical authentication bypass vulnerability discovered during internal testing, CVE-2024-3937. Juniper has stated that this vulnerability affects only Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products running in high-availability redundant configurations.
Read Post
foresiet

New Critical GitLab Vulnerability Threatens Software Development Security

Jul 2, 2024 By Foresiet In Foresiet
A critical vulnerability in GitLab, a widely-used Git repository platform, has been discovered, threatening the integrity of software development pipelines. GitLab has urged users running vulnerable versions to patch CVE-2024-5655 immediately to prevent potential CI/CD malfeasance. GitLab's Latest Security Patch GitLab, second only to GitHub in popularity, recently released updates for its Community (open source) and Enterprise Editions.
Read Post
Arctic Wolf

CVE-2024-6387: Critical Remote Code Execution Vulnerability in OpenSSH

Jul 2, 2024 By Andres Ramos In Arctic Wolf
On July 1, 2024, OpenSSH released fixes for CVE-2024-6387, a vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems allowing for potential Remote Code Execution (RCE). OpenSSH is a widely-used suite of secure networking tools based on the SSH protocol, providing encryption for secure communication and file transfers, and is essential for remote management on Unix systems. CVE-2024-6387 is a signal handler race condition that allows unauthenticated Remote Code Execution (RCE) as root.
Read Post
splunk

regreSSHion: Uncovering CVE-2024-6387 in OpenSSH - A Critical Vulnerability

Jul 2, 2024 By Splunk Threat Research Team In Splunk
OpenSSH, an application installed by default on nearly every Unix-like and Linux system, has recently come under scrutiny due to a critical vulnerability discovered by Qualys. Designated as CVE-2024-6387 and aptly named "regreSSHion," this flaw exposes Linux environments to remote unauthenticated code execution. The implications of this vulnerability are far-reaching, potentially affecting countless servers and infrastructure components across the globe.
Read Post
chaossearch

Improving Patch and Vulnerability Management with Proactive Security Analysis

Jul 1, 2024 By David Bunting In ChaosSearch
Vulnerability management is the continuous process of identifying and addressing vulnerabilities in an organization’s IT infrastructure, while patch management is the process of accessing, testing, and installing patches that fix bugs or address known security vulnerabilities in software applications. Vulnerability management and patch management are crucial SecOps processes that protect IT assets against cyber threats and prevent unauthorized access to secure systems.
Read Post
armo

regreSSHion: RCE Vulnerability in OpenSSH Server (CVE-2024-6387)

Jul 1, 2024 By Amit Schendel In ARMO
A high-severity remote code execution (RCE) vulnerability has been found in OpenSSH’s server (CVE-2024-6387) by the research team of Qualys. This issue is especially concerning because it brings back a problem that was originally fixed in 2006, showing that one of the most popular secure software still has hidden bugs. This discovery follows another major vulnerability found in the XZ Utils library just a few months ago, highlighting ongoing security challenges.
Read Post
wallarm

CVE-2024-5655: Latest GitLab API Vulnerability Threatens Customer Data Exposure

Jul 1, 2024 By Wallarm In Wallarm
A security flaw that impacts specific versions of GitLab's Community and Enterprise Edition products was just detected. This vulnerability can be exploited to execute pipelines under any user's credentials. GitLab is a web-based DevOps platform offering tools for software development, version control, and project management. Launched as an open-source project in 2011, it has become a powerful solution used globally by millions.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.