Attention: a new Kubernetes vulnerability was uncovered by André Storfjord Kristiansen (@dev-bio on GitHub) and it demands immediate attention from security professionals and DevOps teams. CVE-2024-7646, affecting the popular ingress-nginx controller, allows malicious actors to bypass annotation validation and potentially gain unauthorized access to sensitive cluster resources. This vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High).

Being a bad guy on the Internet is a really good business. In more than 90% of cybersecurity incidents, phishing is the root cause of the attack, and during this third week of August phishing attacks were reported against the U.S. elections, in the geopolitical conflict between the U.S., Israel, and Iran, and to cause $60M in corporate losses.

Veracode is pleased to announce the general availability of our new Azure DevOps Workflow integration. This new integration provides our customers using Azure DevOps Services with easy-to-configure, event-driven security testing of their application and infrastructure code managed in their Azure DevOps Repos.

High stakes, long hours, and a rapidly evolving threat landscape present unique barriers to happiness for security and IT teams. It’s not surprising that 63% of security practitioners report some level of burnout, and 58% of IT professionals feel overwhelmed by the amount of tasks they have to do in a day. Organizations simply can’t afford to ignore these statistics.

On August 13, 2024, SolarWinds released a hotfix for CVE-2024-28986, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). WHD is an IT service management software widely used across various industries for tracking and managing support tickets. This vulnerability arises from a Java deserialization flaw, which could enable a remote attacker to execute arbitrary code on vulnerable hosts.

Educators create many passwords for accounts in both their personal and professional lives. Password management is crucial for educators, not only to keep track of their professional passwords but also to separate those from their personal passwords. Teachers need a reliable place to store passwords for many online accounts, applications and programs, no matter which grades or subjects they teach. Read more to learn why password management is essential for teachers.

When you consider national and global cybersecurity, a handful of names stand out. Two of the largest are NIST and ISO/IEC. Both of these organizations have issued plenty of rulings and frameworks for securing digital systems, and in a sense, they can be viewed as competitors. So, what’s the difference, where is the overlap, and which option is right for your business?

By Michael Aguilera, Lead Penetration Tester, Razorthorn Security Over the past decade, crowdsourced penetration testing has grown in popularity because of its convenience and cost effectiveness. However, this surge in popularity does not come without its caveats. In this blog, we’ll explore the benefits and risks of crowdsourced penetration testing, compare it with traditional methods and help you make an informed decision for your organisation’s cybersecurity needs.

As we move through 2024, the Wallarm Research Team continues to monitor the evolving API vulnerability and threat landscape. Our latest Q2 ThreatStats Report reveals critical trends and developments that are reshaping the security environment. Continuing from our Q1 findings, the surge in AI API vulnerabilities is not only persisting but intensifying, with an alarming increase in both the volume and severity of exploits.