Vulnerability

The most common vulnerabilities in your external attack surface

Sep 12, 2023 By Outpost 24 In Outpost 24

Imagine your organization’s digital fortress – now picture a thousand hidden doors, each a potential entry point for cyber threats. In the world of cybersecurity, these doors are known as ‘external attack surface vulnerabilities’ and understanding them is the first step to locking them down. External attack surface vulnerabilities are the weak points of a company’s network that can potentially be exploited by malicious actors.

Read Post

Outpost 24

Read more about The most common vulnerabilities in your external attack surface

A guide to input validation with Spring Boot

Sep 12, 2023 By Lucien Chemaly In Snyk

If you're a developer working with Java, you likely know Spring Boot, the robust framework that streamlines the development of stand-alone, production-grade, Spring-based applications. One of the many features it offers is Bean Validation, which is a crucial aspect of any application to ensure data integrity and improve user experience.

Read Post

Snyk

Read more about A guide to input validation with Spring Boot

New Vulnerabilities in Apple Products Exploited in the Wild

Sep 12, 2023 By Andres Ramos In Arctic Wolf

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) and a validation issue vulnerability (CVE-2023-41061) among macOS, iOS, iPadOS, and watchOS products. These vulnerabilities can be exploited with a maliciously crafted attachment or image which leads to arbitrary code execution.

Read Post

Arctic Wolf

Read more about New Vulnerabilities in Apple Products Exploited in the Wild

CVE-2023-20269: Cisco ASA/Firepower VPN Zero-Day Vulnerability Actively Exploited

Sep 12, 2023 By Andres Ramos In Arctic Wolf

On August 31, 2023, Arctic Wolf sent out a bulletin alerting customers to an ongoing brute force campaign targeting Cisco Adaptive Security Appliance (ASA). Subsequently, on September 6, 2023, Cisco published a security advisory warning of a zero-day vulnerability (CVE-2023-20269) in the remote access VPN feature of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software.

Read Post

Arctic Wolf

Read more about CVE-2023-20269: Cisco ASA/Firepower VPN Zero-Day Vulnerability Actively Exploited

How To Discover PII and Privacy Vulnerabilities in Structured Data Sources

Sep 12, 2023 By Protecto In Protecto

In this video, we walk through the process of discovering personally identifiable information (PII) and identifying potential privacy vulnerabilities within structured data sources. First, you will connect Protecto to your data repository. Then, we will show you how to access the Privacy Risk Data within your data assets catalog, obtain information on active users, access privileges, data owners, and recommendations for dealing with privacy risks.

View Video

Protecto

Read more about How To Discover PII and Privacy Vulnerabilities in Structured Data Sources

Real-World Security Testing: Uncovering Vulnerabilities in Uninterrupted Power Supplies

Sep 11, 2023 By Razorthorn In Razorthorn

Think your organization's security is rock-solid? It's time to put it to the real-world test! In this eye-opening video, we share a fascinating story of a security assessment that revealed some shocking vulnerabilities. When a company claimed to have a secure environment, they decided to take it a step further and put their confidence to the test. They asked, "Are you sure you want this real-world?" And the answer was a resounding "Yes!".

View Video

Razorthorn

Read more about Real-World Security Testing: Uncovering Vulnerabilities in Uninterrupted Power Supplies

How to avoid web cache poisoning attacks

Sep 11, 2023 By Najia Gul In Snyk

Web cache poisoning is a cyber attack that wreaks havoc on unsuspecting websites. It exploits vulnerabilities by caching mechanisms that web servers, proxies, and content delivery networks (CDNs) use, compromising data integrity. Malicious actors can use cache poisoning to deliver malicious payloads, tamper with sensitive information, or redirect users to fraudulent websites. In this article, we’ll comprehensively explore web cache poisoning attacks and how they work.

Read Post

Snyk

Read more about How to avoid web cache poisoning attacks

Cisco VPN Zero-Day exploited by ransomware gangs (CVE-2023-20269) - Insights and best practices for defense

Sep 11, 2023 By Tally Netzer In IONIX

In the tech security scene, we’re always on the lookout for new vulnerabilities, especially when they are already exploited in the wild. The latest zero-day CVE-2023-20269 is hitting Cisco’s Adaptive Security Appliance VPN features. The attack surface scan conducted by IONIX research on a sample of organizations indicates that 13% of these appliances are potentially vulnerable through at least one interface.

Read Post

IONIX

Read more about Cisco VPN Zero-Day exploited by ransomware gangs (CVE-2023-20269) - Insights and best practices for defense

2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery

Sep 9, 2023 By Wallarm In Wallarm

Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API7:2023 Server Side Request Forgery (SSRF). In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post

Wallarm

Read more about 2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery

Contextual Analysis for Python, Java, and JavaScript Projects with JFrog Frogbot

Sep 8, 2023 By Omer Zidkoni In JFrog

When scanning packages, CVE (Common Vulnerabilities and Exposures) scanners can find thousands of vulnerabilities. This leaves developers with the painstaking task of sifting through long lists of vulnerabilities to identify the relevance of each, only to find that many vulnerabilities don’t affect their artifacts at all.

Read Post