Vulnerability

Coffee Talk with SURGe: 2023-OCT-17 Cisco IOS XE, Signal Zero-Day Rumor, Conflict Disinformation

Oct 12, 2023 By Splunk In Splunk

Grab a cup of coffee and join Mick Baccio, Ryan Kovar, and Katie Brown for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news.

View Video

Splunk

Read more about Coffee Talk with SURGe: 2023-OCT-17 Cisco IOS XE, Signal Zero-Day Rumor, Conflict Disinformation

CVE-2023-38545: High Severity cURL Vulnerability Detection

Oct 12, 2023 By Miguel Hernández In Sysdig

On October 11 a new version of curl (8.4.0) was released, where a couple of new vulnerabilities were fixed (CVE-2023-38545 with severity HIGH and CVE-2023-38546 with severity LOW). These issues were previously announced in the project’s discussion. At the time of this blog, there have been several proof of concepts released for CVE-2023-38545 which result in crashes, but not exploitation.

Read Post

Sysdig

Read more about CVE-2023-38545: High Severity cURL Vulnerability Detection

Detecting vulnerable curl and libcurl versions with Black Duck SCA | Synopsys

Oct 12, 2023 By Synopsys In Synopsys

Learn how to identify which of your applications are impacted by the recent open source libcurl and curl vulnerability with Black Duck SCA.

View Video

Synopsys

Read more about Detecting vulnerable curl and libcurl versions with Black Duck SCA | Synopsys

The State of Citrix Zero-Day Vulnerabilities 2023

Oct 11, 2023 By Tally Netzer In IONIX

Critical zero-day Citrix CVE-2023-3519 is still being exploited two months after Citrix released a patch. IONIX research found that 19% of the CVE-2023-3519 vulnerabilities are still unmitigated in comparison to only 3% among IONIX customers. In addition, IONIX customers were able to resolve this critical risk three times faster.

Read Post

IONIX

Read more about The State of Citrix Zero-Day Vulnerabilities 2023

Top 10 Docker Vulnerability Scanners for 2023

Oct 11, 2023 By Eyal Katz In Spectral

Docker has revolutionized how developers work by offering a powerful platform for creating, shipping, and running container applications. It helps developers conquer the complexity of application development and significantly increases software shipping frequency. Despite setbacks in recent years, Docker brings home $50 million in revenue every year, driven by the ongoing demand for new applications.

Read Post

Spectral

Read more about Top 10 Docker Vulnerability Scanners for 2023

How to update cURL

Oct 11, 2023 By Micah Silverman In Snyk

On October 3, 2023, the curl team preannounced a pending fix for a high-severity vulnerability, which impacts both libcurl and curl. Snyk products help you identify and fix vulnerable packages and containers, but this vulnerability impacts curl, a command-line tool that many developers use on a daily basis. It's also distributed with many operating systems, so we thought it would be beneficial to provide some tips on how you can get it upgraded on your system.

Read Post

Snyk

Read more about How to update cURL

Find and fix HTTP/2 rapid reset zero-day vulnerability CVE-2023-44487

Oct 11, 2023 By Jamie Smith In Snyk

Researchers and vendors have conducted an investigation into volumetric DDoS attacks in the wild between August – October 2023 that has resulted in the discovery of a novel “rapid reset” technique that leverages stream multiplexing, a feature of the widely-adopted HTTP/2 protocol. Disclosed today, the HTTP/2 rapid reset vulnerability is being tracked as CVE-2023-44487 and has been designated a High severity vulnerability with a CVSS score of 7.5 (out of 10).

Read Post

Snyk

Read more about Find and fix HTTP/2 rapid reset zero-day vulnerability CVE-2023-44487

Phishing and Curling: Vulnerabilities, not Winter Sports

Oct 11, 2023 By Cato Networks In Cato Networks

In this week's episode, Bill and Robin dive into the dangers of EvilProxy, as well as discuss a hot new vulnerability in the curl framework (CVE-2023-38545) Should you be concerned about this CVE? How can you tell if personal parameters are being sent to threat actors? and how can you help mitigate against these security challenges? Learn all this and more on the latest episode of The Ring of Defense!

View Video

Cato Networks

Read more about Phishing and Curling: Vulnerabilities, not Winter Sports

How to respond to the curl and libcurl vulnerabilities

Oct 11, 2023 By Matthew Hogg In Synopsys

As referenced in our previous post, the software development world has been bracing for additional details regarding two vulnerabilities associated with cURL, one of which was assessed as critical by the maintainer and original creator of the project. The wait ended this morning, as a fixed version was released and details about the vulnerabilities were provided.

Read Post

Synopsys

Read more about How to respond to the curl and libcurl vulnerabilities

Office Hours: Fixing Vulns Live in the IDE Plugin Made Easy

Oct 11, 2023 By Snyk In Snyk

Do you want to learn how to best fix vulnerabilities in your IDE? Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video