Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2024

cycognito

Emerging Security Issue: SolarWinds Web Help Desk CVE-2024-28987

Sep 30, 2024 By Emma Zaballos In CyCognito
CVE-2024-28987 is a critical (CVSS v3 score: 9.1) hardcoded credential vulnerability in the SolarWinds Web Help Desk (WHD) software. If exploited, this Java deserialization remote code execution (RCE) vulnerability allows attackers remote unauthenticated access to create, read, update and delete data on specific WHD endpoints.
Read Post
outpost 24

Threat Context Monthly: Executive intelligence briefing for September 2024

Sep 30, 2024 By KrakenLabs In Outpost 24
Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from September.
Read Post
ionix

Critical Linux CUPS Flaws Could Lead to Remote Command Execution

Sep 30, 2024 By Fara Hain In IONIX
CUPS is a suite of programs and daemons that provide local and network printing capabilities on Unix-like systems such as Linux and macOS. Versions before and including 2.0.1 are vulnerable to CVE-2024-47076 (libcupsfilters), CVE-2024-47175 (libppd), CVE-2024-47176 (cups-browsed) and CVE-2024-47177 (cups-filters), all of which can be chained together to allow remote unauthenticated code execution. At this time there is no updated version available.
Read Post
bitsight

Critical Vulnerabilities Uncovered: How Bitsight Delivered Fast, Actionable Insights in Under 24 Hours

Sep 30, 2024 By BitSight In BitSight
The speed at which vulnerabilities are detected and addressed can drastically impact an organization’s likelihood of suffering a security incident. Recently, Bitsight demonstrated how its investments in product fingerprinting and CVE mapping allowed it to identify and surface assets potentially impacted by a set of critical vulnerabilities in the CUPS printing system in under 24 hours.
Read Post
veracode

Breaking Down the OWASP Top 10 API Security Risks 2023 (& What Changed From 2019)

Sep 30, 2024 By Dustin Silveri In Veracode
The OWASP Top Ten lists have been the cornerstone for application security best practices for over two decades. The 2019 list was the first edition of the OWASP API Security Top 10. The latest, OWASP API Security Top 10 2023, gives our security and engineering teams a glimpse of attack vectors that are becoming more common. With that in mind, it also helps our security teams to ensure that they have adequate coverage for security testing.
Read Post

The CUPS Vulnerability- The 443 Podcast - Episode 308

Sep 30, 2024 By WatchGuard In WatchGuard
This week on the podcast, we cover the "9.9/10 severity vulnerability affecting most Linux systems" that a researcher disclosed last week and what it means for Linux systems administrators. We then discuss a research post into Kia's remote control systems that allowed one researcher to compromise any Kia in the last decade by just knowing their license plate number. We end with a new act that was just introduced into the US Senate with a goal to secure the healthcare industry.
View Video
Trustwave

What We Know So Far About Zero-Day CUPS Vulnerabilities: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177

Sep 30, 2024 By Trustwave In Trustwave
On September 26, 2024, security researcher Simone Margaritellidisclosed the details of four OpenPrinting Common UNIX Printing System (CUPS) vulnerabilities, that, when chained together, can allow malicious actors to launch remote code execution (RCE) attacks on vulnerable systems. CUPS is a widely used, open-source printing system that supports Linux and other Unix-like operating systems. It also supports ChromeOS and macOS.
Read Post
sysdig

Detecting and Mitigating Remote Code Execution Exploits in CUPS

Sep 29, 2024 By Michael Clark In Sysdig
On September 26th, 2024, details were released about several vulnerabilities in the Common Unix Printing System (CUPS) package. A total of four CVE’s (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177) have been released, affecting many Unix and Linux distributions. Three of the vulnerabilities are rated High, while one is rated Critical. If left unpatched, a remote attacker is able to execute arbitrary commands on the affected system.
Read Post
armo

CUPS: Unraveling a Critical Vulnerability Chain in Unix Printing Systems

Sep 28, 2024 By Amit Schendel In ARMO
A series of critical vulnerabilities has been uncovered in the Common Unix Printing System (CUPS), specifically in the cups-browsed component and related libraries. This vulnerability chain allows remote, unauthenticated attackers to potentially execute arbitrary code with root privileges on affected systems. The discovery highlights significant security risks in a widely-used open-source component and raises crucial questions about legacy system support and security in modern IT environments.
Read Post
jfrog

Unix CUPS Unauthenticated RCE Zero-Day Vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177): All you need to know

Sep 27, 2024 By JFrog Security Research Team In JFrog
On September 23rd, Twitter user Simone Margaritelli (@evilsocket) announced that he has discovered and privately disclosed a CVSS 9.9 GNU/Linux unauthenticated RCE, which affects almost all Linux distributions, and that the public disclosure will happen on September 30th, Due to a suspected leak in the disclosure process, @evilsocket decided to advance the disclosure, and on September 26th, the vulnerabilities were disclosed in @evilsocket’s blog, along with a full proof of concept.
Read Post
foresiet

Google's Transition to Rust Programming Reduces Android Memory Vulnerabilities by 52%

Sep 27, 2024 By Foresiet In Foresiet
In a significant move towards enhancing the security of its Android operating system, Google has announced a substantial reduction in memory vulnerabilities by adopting memory-safe programming languages, particularly Rust. This shift aligns with Google's secure-by-design philosophy, aiming to minimize security risks associated with new code development. In this blog, we’ll explore the implications of this transition, the statistical outcomes, and what this means for the future of secure coding.
Read Post
safebreach

Cicada3301 Ransomware, LummaC2 Infostealer, Obfuscated Net Loader, and More: Hacker's Playbook Threat Coverage Round-up: September 2024

Sep 27, 2024 By SafeBreach In SafeBreach
In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for several new threats. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.
Read Post
cycognito

Emerging Security Issue: Progress Software WhatsUp Gold (CVE-2024-6670)

Sep 27, 2024 By Emma Zaballos In CyCognito
CVE-2024-6670 is a critical (CVSS v3 score: 9.8) SQL injection vulnerability. Threat researcher Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) discovered that, if the application is configured with only one user, unauthenticated attackers can leverage this vulnerability to retrieve users’ encrypted passwords.
Read Post
Arctic Wolf

Multiple Vulnerabilities Disclosed in Linux-based CUPS Printing Service

Sep 27, 2024 By Stefan Hostetler In Arctic Wolf
On September 26, 2024, a security researcher disclosed several vulnerabilities affecting Common UNIX Printing System (CUPS) within GNU/Linux distributions. CUPS is an open-source printing system that allows Unix-like operating systems, including Linux and MacOS, to manage printers and print jobs across local and networked environments. The newly identified CUPS vulnerabilities identified are.
Read Post

Friday Flows episode 36: Using Tines Workbench for asset and vulnerability management

Sep 27, 2024 By Tines In Tines
Michael Tolan from Tines Labs returns with Cameron for another episode on Tines Workbench. In case you missed it, Workbench is a Tines-powered AI chat interface where you can take action and access proprietary data in real-time, privately and securely. This episode leverages Workbench to make a tedious process extremely simple to handle. For any teams spending a lot of time on asset and vulnerability management, this is a must-watch!
View Video
Snyk

Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System

Sep 27, 2024 By Jim Armstrong In Snyk
On September 27, 2024, evilsocket.net (Simone Margaritelli) published information about several vulnerabilities in CUPS (Common UNIX Printing System), which can allow for arbitrary remote code execution (RCE). There are currently 4 CVEs associated with these findings, with potentially more on the way. There is also some debate about the severity of these vulnerabilities, however, one of the CVEs was initially given a CVSS score of 9.9. We will update this blog if new information becomes available.
Read Post
Snyk

How to prevent log injection vulnerability in JavaScript and Node.js applications

Sep 26, 2024 By Liran Tal In Snyk
In many standard enterprise applications, consistent logging serves a multitude of purposes. It helps businesses identify and rectify errors, provides valuable analytical insights, and lets you test new solutions. However, this also makes log injections one of the most common ways hackers can hijack or even gain access to sensitive user information.
Read Post
Arctic Wolf

Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

Sep 26, 2024 By Andres Ramos In Arctic Wolf
On September 24, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing three critical command injection vulnerabilities affecting Aruba Networking Access Points. These vulnerabilities, identified as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507, could allow remote unauthenticated attackers to execute code with privileged access.
Read Post
wallarm

Deep Dive into the Latest API Security Vulnerabilities in Envoy

Sep 26, 2024 By Wallarm In Wallarm
Envoy has carved out a critical role in cloud-native computing, becoming increasingly prevalent as the default ingress controller for Kubernetes. This high-performance proxy, developed by Lyft and now part of the Cloud Native Computing Foundation’s arsenal, is integral for companies scaling up their Kubernetes deployments. Envoy ensures efficient load balancing, security, and operational agility by managing external access to services within Kubernetes clusters,.
Read Post

Accelerating Threat Assessment and Risk Mitigation with Nucleus Vulnerability Intelligence Platform

Sep 26, 2024 By Nucleus In Nucleus
In this webinar, discover how the Nucleus Vulnerability Intelligence Platform (VIP) is changing the way organizations handle vulnerabilities. Learn how VIP empowers security teams to assess, prioritize, and mitigate vulnerabilities in real time by leveraging automated workflows, comprehensive data aggregation, and custom risk ratings. Key topics covered: Chapters Don't forget to like, comment, and subscribe for more in-depth webinars and expert discussions on cybersecurity and vulnerability management!
View Video
foresiet

Chinese Hackers Target APAC Governments with EAGLEDOOR Malware Exploiting GeoServer Flaw

Sep 24, 2024 By Foresiet In Foresiet
In a sophisticated cyber espionage campaign, a group of Chinese hackers has exploited a critical vulnerability in GeoServer to target government organizations across the Asia-Pacific (APAC) region. This operation, linked to the advanced persistent threat (APT) group known as Earth Baxia, highlights the evolving landscape of cyber threats facing sensitive sectors, including government and energy.
Read Post
bitsight

Critical Vulnerabilities Discovered in Automated Tank Gauge Systems

Sep 24, 2024 By Pedro Umbelino In BitSight
Industrial Control Systems (ICS) have become a ubiquitous part of modern critical infrastructure. Automatic Tank Gauge (ATG) systems play a role in this infrastructure by monitoring and managing fuel storage tanks, such as those found in everyday gas stations. These systems ensure that fuel levels are accurately tracked, leaks are detected early, and inventory is managed efficiently.
Read Post
indusface

CVE-2024-8190 - OS Command Injection in Ivanti CSA

Sep 24, 2024 By Pavithra Hanchagaiah In Indusface
A high severity OS command injection vulnerability, CVE-2024-8190, has been found in Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 518 and earlier. This flaw allows attackers with admin access to remotely execute malicious commands, potentially taking full control of the system. Ivanti has already released updates, but this command injection vulnerability is actively exploited in the wild, making immediate action critical.
Read Post
nucleus

How Security Debt Compounds Vulnerability Risk

Sep 24, 2024 By Corey Tomlinson In Nucleus
Organizations often find themselves caught in a perpetual cycle of identifying, prioritizing, and mitigating vulnerabilities that pose the most risk. Amid this ongoing battle, a significant challenge is often overlooked: security debt. Much like technical debt, security debt refers to the accumulation of unresolved vulnerabilities within an organization’s systems and software.
Read Post
Snyk

Identifying Insecure C Code with Valgrind and Fixing with Snyk Code

Sep 24, 2024 By Liran Tal In Snyk
C and C++ remain foundational in critical software development. These languages power a wide array of systems, from embedded devices to high-performance applications in manufacturing, operational technology (OT), and the industrial market. Their efficiency, control over system resources, and performance make them indispensable for developers working on mission-critical projects.
Read Post
safeaeon

Why is Vulnerability Management-as-a-Service Essential for Businesses?

Sep 24, 2024 By SafeAeon Inc. In SafeAeon
As cyber threats get smarter and more common, companies of all sizes need to make vulnerability management a top priority to keep their private data safe and their operations running smoothly. Traditional vulnerability management methods, which involve a lot of manual work and restricted visibility, aren't working well against the complicated problems that modern cyberattacks pose.
Read Post
safeaeon

History of Vulnerability Management: Lessons from Past to Present

Sep 23, 2024 By SafeAeon Inc. In SafeAeon
Vulnerability management has been a key part of how companies protect their digital assets and has helped cybersecurity evolve. In the last few decades, vulnerability management has changed from simple patch management to complex, multi-layered plans meant to act upon cyber threats that are getting smarter all the time. In the early days of cybersecurity, people only took action after security was breached instead of trying to stop them.
Read Post
securitysenses

4 Ways Ethical Hacking Services Helped Businesses Prevent Cyber Attacks

Sep 22, 2024 By SecuritySenses In SecuritySenses
As technology continues to advance at a rapid pace, so do the tactics of cybercriminals. For businesses of all sizes, the threat of a cyber attack is growing more and more concerning. Through the use of ethical hacking techniques, companies can identify vulnerabilities in their systems. They can also address them before malicious hackers exploit them. In this post, we will explore the ways ethical hacking services have become a valuable asset in the fight against cyber attacks.
Read Post
foresiet

GitLab Patches Critical SAML Authentication Flaw: Protect Your Systems from Exploitation

Sep 20, 2024 By Foresiet In Foresiet
In today's fast-paced digital landscape, security vulnerabilities are constant concerns for organizations that rely on cloud-based services and distributed systems. Recently, GitLab addressed a critical security flaw that affected both its Community Edition (CE) and Enterprise Edition (EE). This flaw, tracked as CVE-2024-45409, has been categorized as a critical vulnerability with a CVSS score of 10.0, the highest possible score, signifying its severity.
Read Post

Enhanced Vulnerability Analysis with Forward Networks + Tenable Technology Partnership

Sep 20, 2024 By Forward Networks In Forward Networks
Proactive Vulnerability Detection: Security teams rely on vulnerability scanners to discover vulnerabilities, crucial for maintaining network integrity. Regular scanning is essential for a strong security posture. Data Overload: While vulnerability reports are valuable, they often contain excessive information, making it difficult to derive actionable insights.
View Video
sysdig

Harden your LLM security with OWASP

Sep 19, 2024 By Nigel Douglas In Sysdig
Foundationally, the OWASP Top 10 for Large Language Model (LLMs) applications was designed to educate software developers, security architects, and other hands-on practitioners about how to harden LLM security and implement more secure AI workloads. The framework specifies the potential security risks associated with deploying and managing LLM applications by explicitly naming the most critical vulnerabilities seen in LLMs thus far and how to mitigate them.
Read Post
mend

What is the KEV Catalog?

Sep 19, 2024 By AJ Starita In Mend
With external threats looming as a constant source of potential disruption, multiple government agencies have coordinated to compile a catalog of Known Exploited Vulnerabilities (KEV). The Known Exploited Vulnerabilities Catalog, or KEV catalog, is a database of actively exploited vulnerabilities, including those that have been exploited by ransomware campaigns, that can help application security professionals in the public and private sectors monitor threats and prioritize fixes.
Read Post
Snyk

3 best practices to make the most of Snyk AppRisk Essentials

Sep 19, 2024 By Daniel Berman In Snyk
Thousands of our customers are leveraging Snyk to implement their DevSecOps and shift-left strategies. However, with the increasing speed and complexity of applications, we also know it’s harder to stay in sync with development. It is increasingly difficult to maintain a clear view of all the software assets being developed, identify ownership and their importance to the business, and, most importantly, ensure that these assets are properly secured by Snyk.
Read Post
Arctic Wolf

CVE-2024-38812: Critical RCE Vulnerability Fixed in VMware vCenter Server and Cloud Foundation

Sep 18, 2024 By Andres Ramos In Arctic Wolf
On September 17, 2024, Broadcom released fixes for a critical vulnerability impacting VMware vCenter Server and Cloud foundation, tracked as CVE-2024-38812. This vulnerability is a heap-overflow flaw in the implementation of the DCERPC protocol that a remote attacker can use to send specially crafted network packets to vCenter Server, potentially leading to Remote Code Execution (RCE).
Read Post
cato networks

Cato CTRL Threat Research: CVE-2023-49559 - gqlparser Directive Overload DoS Vulnerability

Sep 18, 2024 By Vadim Freger In Cato Networks
The Cato CTRL and Cato Application Security Research teams recently discovered CVE-2023-49559, a directive overload Denial of Service (DoS) vulnerability in the gqlparser library, which is a crucial component in the development and running of GraphQL applications. The vulnerability is of medium severity (CVSS score of 5.3). The gqlparser library is an integrated component of the gqlgen Golang GraphQL server, widely used in web applications to handle GraphQL queries.
Read Post
Snyk

Dive into AI and LLM learning with the new Snyk Learn learning path

Sep 18, 2024 By Michael Biocchi In Snyk
Snyk Learn, our developer security education platform, just got better! We have expanded our lesson coverage and created a new learning path that covers the OWASP Top 10 for LLMs and GenAI, and is entirely free! As AI continues to revolutionize industries, ensuring the security of AI-driven systems has never been more critical.
Read Post
Trustwave

The First Step in Creating an Offensive Security Program: Managed Vulnerability Scanning

Sep 18, 2024 By Trustwave In Trustwave
An offensive security program is an excellent component of a mature cybersecurity program, but kicking off that process can be overwhelming for some organizations. After all, offensive security has several components, such as Penetration Testing, Red Team exercises, incorporating threat intelligence, etc., so it can be hard to decide where to start. The answer to this dilemma starts with Managed Vulnerability Scanning (MVS).
Read Post
appsentinels

Illusion of Security due to similarities?

Sep 18, 2024 By AppSentinels
In 2019, OWASP released first version of API Security Top 10. Like the omnipresent OWASP Top 10, the API Security Top 10 delivers a prioritized list of the most critical application security issues with a focus on the APIs. In this whitepaper, we would like to share an overview of the API top 10 with comparisons to the OWASP top 10 for web applications and break any false sense of security by seeing similarities in the list.
Get White Paper
Snyk

Meet Snyk for Government: Our developer security solution with FedRAMP ATO

Sep 17, 2024 By Danny Allan In Snyk
The Snyk team is excited to announce that our FedRAMP sponsor, the Center for Medicare and Medicaid (CMS), has granted authorization (ATO), enabling their teams to leverage our public sector offering, Snyk for Government (SFG). This stage signifies that we are almost at the finish line of the FedRAMP process and points to our continued investment and support of public sector organizations in their application security efforts.
Read Post
foresiet

Windows Vulnerability Exploited Using Braille 'Spaces' in Zero-Day Attacks

Sep 17, 2024 By Foresiet In Foresiet
A recently addressed Windows MSHTML spoofing vulnerability, tracked as CVE-2024-43461, has been revealed to have been actively exploited in zero-day attacks by the Advanced Persistent Threat (APT) group, Void Banshee. Initially unmarked as exploited, Microsoft later updated its advisory to confirm that the vulnerability had been abused in attacks prior to its fix.
Read Post
Snyk

Want to avoid a data breach? Employ secrets detection

Sep 16, 2024 By Liran Tal In Snyk
As a software developer, ensuring the security of your applications is paramount. A crucial part of this task involves managing secrets and employing a secrets detection tool. In this context, secrets refer to sensitive data such as API keys, database credentials, encryption keys, and other confidential information. Their unauthorized access or exposure can lead to catastrophic consequences, including data breaches and severe business losses.
Read Post
CalCom

Disable SSLv2: When older is not better

Sep 15, 2024 By Ben Balkin In CalCom
Secure Sockets Layer (SSL) is a technology that encrypts data sent between a user's browser and a website or application on a server. The purpose of SSL is to secure the information preventing eavesdropping and tampering. Originally released in 1995, SSLv2 is a protocol used to encrypt data sent over the internet, ensuring that the information remains private and secure.
Read Post
securitysenses

How Cyber Threats Impact Route Optimization

Sep 14, 2024 By SecuritySenses In SecuritySenses
In 2024, cyber threats cast a shadow over how we navigate roads. Imagine hackers hijacking smart vehicles or manipulating traffic grids to cause chaos. You might wonder how route optimization software keeps you safe and efficient amidst these risks. Here's where enterprise solutions shine. They fortify GPS technology against potential intrusions. But there's more than just defense; they enhance your fleet's performance too.
Read Post
nucleus

4 Simple Steps to Implement Risk-Based Vulnerability Management

Sep 13, 2024 By Tally Netzer In Nucleus
Imagine if your fire alarm sensor went off every time you burned your toast or lit candles on a birthday cake. After a few false alarms, you’d probably start ignoring them or even turn your sensor off just to get some peace. This is what many information security teams are experiencing with vulnerability alerts.
Read Post
indusface

Top 8 Vulnerability Management Challenges and How to Overcome Them

Sep 13, 2024 By Vinugayathri Chinnasamy In Indusface
The State of Application Security report shows that over 2.37 billion attacks were blocked on AppTrana WAAP from April 1, 2024, to June 30, 2024. Attacks targeting vulnerabilities surged by 1,200% in Q2 2024 compared to last year, an alarming fact. This sharp rise highlights that vulnerabilities are the prime target. Moreover, they are now easily exploitable thanks to readily available scripts on known vulnerabilities. This could be because of rapid adoption of AI and LLM models even among hackers.
Read Post
Arctic Wolf

Types of Security Scans Every Organization Should Be Using

Sep 12, 2024 By Arctic Wolf In Arctic Wolf
In 2023, nearly 60% of incidents investigated by Arctic Wolf Incident Response involved a vulnerability that was two — or more — years old. That means the organization had 24-plus months to find and remediate the vulnerability before threat actors took advantage. Why do vulnerabilities remain persistent? There’s a number of reasons, not the least of which is that more of them pop up each day, creating a mountain of vulnerabilities that feels too difficult to summit for most businesses.
Read Post
Arctic Wolf

CVE-2024-6678: GitLab Fixes Critical Pipeline Execution Vulnerability

Sep 12, 2024 By Andres Ramos In Arctic Wolf
On September 11, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab CE/EE, identified as CVE-2024-6678. This flaw allows a remote attacker to trigger a pipeline as an arbitrary user under specific conditions. A GitLab pipeline is a collection of automated processes that run in stages to build, test, and deploy code.
Read Post
outpost 24

Crystal Rans0m: Emerging hybrid ransomware with stealer capabilities

Sep 12, 2024 By Lidia López Sanz In Outpost 24
Crystal Rans0m is a previously undocumented hybrid ransomware family developed in Rust programming language seen for the first time in the wild on September 2nd, 2023. Interestingly, it does not only encrypt victim’s files, demanding a ransom for their release, but also steals sensitive information from the infected systems. This dual-threat approach means that attackers can double their leverage over victims, potentially increasing their chances of monetizing their attacks.
Read Post
foresiet

Critical Adobe Acrobat Reader Zero-Day Patched: Public PoC Exploit Detected

Sep 12, 2024 By Foresiet In Foresiet
Adobe has recently addressed a critical vulnerability in its Acrobat Reader software, urging users to update immediately. The flaw, tracked as CVE-2024-41869, is a "use after free" vulnerability, which could allow attackers to execute malicious code remotely through specially crafted PDF files. This article explores the nature of this exploit, its discovery, and the urgency behind updating to the latest version.
Read Post
Snyk

How to mitigate security issues in GenAI code and LLM integrations

Sep 11, 2024 By Liran Tal In Snyk
GitHub Copilot and other AI coding tools have transformed how we write code and promise a leap in developer productivity. But they also introduce new security risks. If your codebase has existing security issues, AI-generated code can replicate and amplify these vulnerabilities.
Read Post
Snyk

Announcing new Snyk AppRisk integration with Orca Security

Sep 11, 2024 By Daniel Berman In Snyk
We’re excited to announce a new Snyk AppRisk integration with Orca Security that brings the best of two worlds together: developer-loved, security-trusted application security from Snyk and leading cloud security from Orca. This integration is big news for organizations looking to align with DevSecOps and enhance collaboration between development and security teams.
Read Post
cycognito

Emerging Security Issue: SonicWall SSLVPN (CVE-2024-40766)

Sep 10, 2024 By Emma Zaballos In CyCognito
CVE-2024-40766 is a critical (CVSS v3 score: 9.3) access control flaw. Its primary danger comes from the potential for providing unauthorized network access, both allowing attackers unfettered access to critical resources and, in some cases, giving attackers the ability to crash the firewall.
Read Post
foresiet

Ransomware Gangs Poised to Exploit Veeam Backup & Replication Vulnerability (CVE-2024-40711)

Sep 10, 2024 By Foresiet In Foresiet
The critical CVE-2024-40711 vulnerability in Veeam Backup & Replication (VBR) is drawing attention from security researchers and ransomware groups alike. Discovered by Florian Hauser from Code White, this flaw allows attackers to take full control of enterprise systems, posing a significant threat to the integrity of data backup infrastructures. With ransomware groups historically targeting Veeam vulnerabilities, CVE-2024-40711 could soon become a valuable tool for cybercriminals.
Read Post
Arctic Wolf

CVE-2024-29847: Ivanti Addresses Maximum Severity RCE Vulnerability in Endpoint Manager

Sep 10, 2024 By Andres Ramos In Arctic Wolf
On September 10, 2024, Ivanti released fixes for CVE-2024-29847, a maximum severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw, found in the agent portal of specific EPM versions, allows Remote Code Execution (RCE) by an unauthenticated attacker due to improper deserialization of untrusted data.
Read Post
bitsight

Do We Need Yet Another Vulnerability Scoring System? For SSVC, That's a YASS

Sep 10, 2024 By Ben Edwards In BitSight
The security world is awash in acronyms. As a niche in the security world, vulnerability, tracking, measurement, and management is no stranger to inscrutable collections of capital letters. We’ve got NVD, CPE, CWE, CVSS, EPSS, CAPEC, KEV, and of course “CVE”. The key goal of all these frameworks is to try to help folks organize information around vulnerabilities and assess how their presence might increase an organization's exposure.
Read Post

Why ASPM is the Future of AppSec

Sep 10, 2024 By Snyk In Snyk
ASPM (Application Security Posture Management) is the future of application security. It provides a centralized dashboard that gives security teams visibility into application assets and their relationships. ASPM also prioritizes risk based on context so you can focus on the vulnerabilities that matter most. This video will explore the challenges facing security teams today and how ASPM can help you overcome them.
View Video
Snyk

Abusing Ubuntu 24.04 features for root privilege escalation

Sep 9, 2024 By Rory McNamara In Snyk
With the recent release of Ubuntu 24.04, we at Snyk Security Labs thought it would be interesting to examine the latest version of this Linux distribution to see if we could find any interesting privilege escalation vulnerabilities. I’ll let the results speak for themselves: During our research, we successfully identified a privilege escalation from the default user on a fresh Ubuntu Desktop installation to root.
Read Post
Snyk

5 reasons why developers at FinServ institutions are outpacing their security teammates

Sep 9, 2024 By Katie DeMatteis In Snyk
Advanced biometrics. Seamless onboarding walkthroughs. Cross-platform integrations. Hyper-personalized dashboards. Cleanly designed reports. These are just some of the features today’s users expect from their financial applications, pushing most financial institutions to release them quickly — or risk being outpaced by FinTech disruptors who already do. As a result, development teams must build more quickly, adopting new technologies to stay in step with demanding goals and tight deadlines.
Read Post
Arctic Wolf

Critical Vulnerabilities Patched in Veeam Products

Sep 6, 2024 By Andres Ramos In Arctic Wolf
On September 4, 2024, Veeam released a security bulletin announcing that they have fixed several vulnerabilities affecting various Veeam products. Arctic Wolf has highlighted five of these vulnerabilities, which are classified as critical. Arctic Wolf has not observed any exploitation of these vulnerabilities in the wild and has not identified any publicly available proof of concept (PoC) exploit code.
Read Post
Arctic Wolf

Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts

Sep 6, 2024 By Stefan Hostetler In Arctic Wolf
On August 22, 2024, a remote code execution vulnerability (CVE-2024-40766) was disclosed in SonicOS, affecting a selection of SonicWall firewall devices. At the time of disclosure, active exploitation was not known and no proof-of-concept exploit was publicly available. As of September 6, 2024, however, the security advisory has been updated with additional details, indicating that the vulnerability is potentially being actively exploited.
Read Post
datadog

Datadog delivers smarter vulnerability remediation

Sep 6, 2024 By Ander Ruiz Ayesta In Datadog
Security teams today normally perform ongoing vulnerability remediation as a key part of their efforts to secure applications. This process entails applying updates to remove known flaws, typically published as Common Vulnerabilities and Exposures (CVEs), that are discovered in third-party libraries within application code. While “applying updates” might sound like a straightforward task, in practice, eliminating vulnerabilities has become increasingly challenging in the current environment.
Read Post
safebreach

SafeBreach Coverage for US CERT AA24-249A (GRU Unit 29155)

Sep 6, 2024 By Kaustubh Jagtap In SafeBreach
On September 5th, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) issued an urgent advisory warning security teams about efforts undertaken by threat actors affiliated with Russia’s General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155).
Read Post
outpost 24

What security lessons can you learn from your attack surface score?

Sep 6, 2024 By Marcus White In Outpost 24
Increasing digitalization and connectivity mean the attack surfaces of most organizations are growing. This means more IT assets to track and manage, plus more potential attack routes for threat actors to target. The threat situation is constantly increasing, especially in the area of vulnerabilities – last year over 30,000 new vulnerabilities were published. So how can you get an accurate view of your attack surface and where it might be open to exploitation?
Read Post
seemplicity

Lost in Translation: Vulnerability Management Communication Gaps

Sep 5, 2024 By Ravid Circus In Seemplicity
Vulnerability management is absolutely critical to protecting an organization’s IT and cloud infrastructure, systems, or applications from incoming threats. The ability to remediate the most relevant vulnerabilities quickly is the only way to keep your perimeter safe. Yet, security teams struggle with managing vulnerabilities. Why? At the core lies a fundamental communication and collaboration problem.
Read Post
Arctic Wolf

CVE-2024-7261: Critical OS Command Injection Vulnerability in Zyxel APs and Security Routers

Sep 5, 2024 By Andres Ramos In Arctic Wolf
On September 3, 2024, Zyxel released patches for a critical OS command injection vulnerability, identified as CVE-2024-7261, affecting Access Points (APs) and security routers. This vulnerability stems from improper handling of special elements in the “host” parameter within the CGI program of certain AP and router versions, potentially allowing an unauthenticated attacker to execute OS commands by sending a specially crafted cookie to the vulnerable device.
Read Post
Arctic Wolf

CVE-2024-20439 & CVE-2024-20440: Critical Cisco Smart Licensing Utility Vulnerabilities

Sep 5, 2024 By Andres Ramos In Arctic Wolf
On September 4, 2024, Cisco released fixes for two critical vulnerabilities in Cisco Smart Licensing Utility (CSLU), a tool used to manage licenses across Cisco products in a network. Cisco has stated that these vulnerabilities are only exploitable if the Smart Licensing Utility is actively running and has been started by a user. Note: These vulnerabilities do not impact Cisco’s Smart Software Manager On-Prem or Satellite.
Read Post
upguard

ServiceNow Vulnerabilities: CVE-2024-4789 and CVE-2024-5217

Sep 5, 2024 By Nicholas Sollitto In UpGuard
In late July 2024, the US Cybersecurity and Infrastructure Security Agency (CISA) added two critical vulnerabilities (CVE-2024-4789 and CVE-2024-5217) affecting ServiceNow to its list of known exploited vulnerabilities. These vulnerabilities can allow unauthenticated users to execute code remotely, posing severe risks to organizations that use the platform. The potential for unauthorized access and severe data breaches makes addressing these vulnerabilities crucial.
Read Post
jumpsec

Ethical Hacking vs. Vulnerability Assessment: Understanding the Differences

Sep 5, 2024 By shiba In JUMPSEC
In the dynamic field of cybersecurity, two essential practices stand out: Ethical Hacking and Vulnerability Assessment. Both play critical roles in safeguarding digital assets, yet they serve different purposes and employ distinct methodologies. Understanding the differences, their place in cybersecurity, and when to deploy each tactic is crucial for maintaining a robust security posture.
Read Post
Snyk

What you should know about PHP code security

Sep 4, 2024 By Liran Tal In Snyk
When it comes to web development, PHP is a widely used scripting language. With its popularity, it is crucial to understand the potential security risks associated with PHP and the measures to mitigate them. Whether you deploy CMS applications using WordPress or build enterprise applications with the Laravel PHP framework, the importance of PHP security and the business impact of some notable PHP interpreter vulnerabilities are crucial for developers to get right.
Read Post
Forward Networks

5 Ways a Network Digital Twin Can Revolutionize CVE Compliance

Sep 4, 2024 By Dawn Slusher In Forward Networks
In the rapidly evolving cybersecurity landscape, the sheer volume of Common Vulnerability and Exposure (CVE) notices has become a daunting challenge for SecOps teams. In 2023 alone, the National Institute of Standards and Technology (NIST) issued 28,901 CVE notices, reflecting the growing complexity and intensity of potential threats.
Read Post
netwrix

Identifying Common Open Port Vulnerabilities in Your Network

Sep 3, 2024 By Dirk Schrader In Netwrix
When intruders want to break into an establishment, they look for an opening. An open port is one of the openings that a hacker or threat actor looks for to access a digital network. That open port may be on a firewall, a server, or any network-connected computing device. Just as a single unlocked door can jeopardize your privacy and grant access to a physical building, a single open port can provide a point for hackers to breach your systems, exposing you to their malicious intents.
Read Post

How AI Impacts Reconnaissance and Bug Bounties

Sep 3, 2024 By Snyk In Snyk
Is AI impacting security reconnaissance and bug bounties? Will AI be used by malicious actors in security research? These are just a few questions asked in this interview with NahamSec, in which we discuss AI in the coding and cyber security sector, how it can be used both positively and negatively, how it can impact the job market, and how it can be controlled to better serve the industry. Resources.
View Video
foresiet

Critical Vulnerabilities in Microsoft macOS Apps Could Lead to Unrestricted Access for Hackers

Sep 3, 2024 By Foresiet In Foresiet
In a recent cybersecurity development, eight vulnerabilities have been identified in Microsoft applications for macOS. These flaws could potentially allow attackers to gain elevated privileges or access sensitive data by bypassing the operating system’s permissions-based security model. This blog delves into the nature of these vulnerabilities, their potential impact, and the steps that can be taken to mitigate the risks.
Read Post
Arctic Wolf

CVE-2024-6633: Critical Credential Vulnerability Affecting Fortra FileCatalyst Workflow

Sep 3, 2024 By Andres Ramos In Arctic Wolf
On August 27, 2024, Fortra published a security advisory regarding a critical credential vulnerability in FileCatalyst Workflow, identified as CVE-2024-6633. FileCatalyst Workflow is a managed file transfer solution used for exchanging large files across networks.
Read Post
Snyk

3 ways AppSec modernization is a game-changer for financial services

Sep 3, 2024 By Katie DeMatteis In Snyk
Today’s established financial services companies face high pressure from their competition. Many of them find that they must provide an innovative, customized customer experience (CX) or lose out to FinTech disruptors who are already doing CX well. As a result, these businesses are prioritizing innovative, feature-rich applications and adopting the latest and greatest in software development to speed up release cycles and increase productivity.
Read Post

This Month in Datadog: App Builder, updates to Vulnerability Management and App Security, and more

Sep 3, 2024 By Datadog In Datadog
Datadog is constantly elevating the approach to cloud monitoring and security. This Month in Datadog updates you on our newest product features, announcements, resources, and events. To learn more about Datadog and start a free 14-day trial, visit Cloud Monitoring as a Service | Datadog. This month, we put the Spotlight on Datadog App Builder.
View Video
CalCom

OpenSCAP Hardening Guide in 2024

Sep 1, 2024 By John Gates In CalCom
The OpenSCAP (Security Content Automation Protocol) project offers an extensive range of hardening guides, configuration baselines, and tools for assessing vulnerabilities and configuration issues, utilizing SCAP as the protocol for storing the foundational data. Created by the open-source community, OpenSCAP hardening allows a selection of a security policy that aligns with an organization’s needs, irrespective of its size.
Read Post

Measuring Risk with One Yardstick: Lessons Learned on the Road to RBVM

Sep 1, 2024 By Nucleus In Nucleus
How should we measure risk? Zebra Technologies has more than a dozen cybersecurity tools, thirty-five teams, and hundreds of people worldwide managing vulnerabilities. They wanted to measure with one yardstick; use a single, risk-based solution that could be customized to meet business criteria.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.