
Vulnerability

Critical WebP 0-day security CVE-2023-4863 impacts wider software ecosystem

This month, Apple Security Engineering and Architecture (SEA) and The Citizen Lab at The University of Toronto's Munk School reported a pair of critical vulnerabilities involving maliciously formed WebP images that could be used to exploit the Chrome browser as well as Google's webmproject/libwebp library. As of Sep 27th, 2023, the CVEs known to track this libwebp vulnerability actively include.

OWASP API Top 10 2023: What changed and why it's important?

Back in 2019, OWASP released its first API Top 10 list. It quickly gained widespread acceptance and acknowledgment from the industry of the challenges faced in protecting APIs. Since then, growth in APIs has continued, and the threat landscape has also evolved rapidly. OWASP has released an updated API Top 10 2023 with quite a few changes from 2019 to address these developments and provide new insights and recommendations.

9 Best Android Vulnerability Scanners to Detect Vulnerabilities

In the digital age, Android vulnerability scanners, or as some may call them, Android app vulnerability scanners, have become an essential tool for maintaining the security of mobile applications. Given Android’s substantial mobile OS market share, it’s a prime target for cyber threats.

Strengthening Your Security with Agentless Vulnerability Management

Discover how Sysdig Secure’s new “Agentless Vulnerability Management” approach helps you streamline the onboarding of new deployments, while significantly cutting down complexity and setup time. Agentless security tools generally rely on leveraging existing interfaces and APIs provided by the cloud service providers to collect information and perform vulnerability assessments.

10 best practices for securely developing with AI

By now, we’re all painfully aware that AI has become a crucial and inevitable tool for developers to enhance their application development practices. Even if organizations restrict their developers from using AI tools, we hear many stories of how they circumvent this through VPNs and personal accounts.

A Deep Dive into the Exploit Prediction Scoring System EPSS

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. EPSS’s goal is to assist network defenders in better prioritizing vulnerability remediation efforts. While other industry standards have been useful for capturing the innate characteristics of a vulnerability and for providing measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data.

What are OWASP Secure Coding Practices? Top 10 Web App Security Vulnerabilities

OWASP (Open Web Application Security Project) is a nonprofit organization established in 2001 to guide website owners and security experts on constructing, purchasing, and maintaining trustworthy and secure software applications. In lay terms, it is a forum where several application security firms and industry specialists provide input to identify the top, most critical security risks that threaten web applications.

CVE-2023-42793: Critical RCE Vulnerability in TeamCity On-Premises

On September 20, 2023, JetBrains published a blog detailing a critical Remote Code Execution (RCE) vulnerability that was identified in TeamCity On-Premises (CVE-2023-42793). This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 and can allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform RCE. All versions of TeamCity On-Premises are affected by this vulnerability.

Signing container images: Comparing Sigstore, Notary, and Docker Content Trust

In the modern software ecosystem, containerization has become a popular method for packaging and deploying applications. Alongside this growing trend, ensuring the security of software supply chains has become a critical concern for businesses of all sizes. Implementing best practices, such as signing and verifying images to mitigate man-in-the-middle (MITM) attacks and validating their authenticity and freshness, plays a pivotal role in safeguarding the integrity of the software supply chain.