Vulnerability

Top considerations for addressing risks in the OWASP Top 10 for LLMs

Sep 7, 2023 By Simon Maple In Snyk

Welcome to our cheat sheet covering the OWASP Top 10 for LLMs. If you haven’t heard of the OWASP Top 10 before, it’s probably most well known for its web application security edition. The OWASP Top 10 is a widely recognized and influential document published by OWASP focused on improving the security of software and web applications. OWASP has created other top 10 lists (Snyk has some too, as well as a hands-on learning path), most notably for web applications.

Read Post

Snyk

Read more about Top considerations for addressing risks in the OWASP Top 10 for LLMs

New Container Exploit: Rooting Non-Root Containers with CVE-2023-2640 and CVE-2023-32629, aka GameOver(lay)

Sep 7, 2023 By Manoj Ahuje In CrowdStrike

Two new local privilege escalation vulnerabilities were recently discovered in Ubuntu: CVE-2023-2640 (CVSS 7.8) and CVE-2023-32629 (CVSS 7.8). The vulnerabilities, dubbed GameOver(lay), affect the OverlayFS module in multiple Ubuntu kernels. Ubuntu’s official security bulletin here and here outlines the impacted versions by both CVEs. It’s important to note that CrowdStrike Falcon® Cloud Security protects against both vulnerabilities.

Read Post

CrowdStrike

Read more about New Container Exploit: Rooting Non-Root Containers with CVE-2023-2640 and CVE-2023-32629, aka GameOver(lay)

What is Continuous Vulnerability Scanning?

Sep 7, 2023 By Keshav Malik In Astra

Vulnerability scanning plays a crucial role in safeguarding applications and systems. By utilizing advanced software tools, it detects weaknesses or ‘vulnerabilities’ in computer systems that could be exploited by malicious individuals to compromise the system or steal valuable data.

Read Post

Astra

Read more about What is Continuous Vulnerability Scanning?

2023H1 Threat Review: Vulnerabilities, Threat Actors and Malware

Sep 6, 2023 By Forescout Vedere Labs In Forescout

In a new threat briefing report, Forescout Vedere Labs looks back at the most relevant cybersecurity events and data between January 1 and July 31, 2023 (2023H1) to emphasize the evolution of the threat landscape. The activities and data we saw during this period confirm trends we have been observing in our recent reports, including threats to unmanaged devices that are less often studied.

Read Post

Forescout

Read more about 2023H1 Threat Review: Vulnerabilities, Threat Actors and Malware

Using HTTP request smuggling to hijack a user's session - exploit walkthrough

Sep 6, 2023 By Thomas Stacey In Outpost 24

During a recent customer engagement, I came across an instance of a rather rare vulnerability class called HTTP request smuggling. Over the course of several grueling days of exploit development, I was eventually able to abuse this vulnerability to trigger a response queue desynchronization, allowing me to capture other users’ requests, leading to session hijacking.

Read Post

Outpost 24

Read more about Using HTTP request smuggling to hijack a user's session - exploit walkthrough

Demo: Tanium Vulnerability Risk and Compliance for ServiceNow

Sep 6, 2023 By Tanium In Tanium

The Vulnerability Risk and Compliance demo provides an end-to-end walkthrough of the VRC solution including.

View Video

Tanium

Read more about Demo: Tanium Vulnerability Risk and Compliance for ServiceNow

Pythons and Birds: Duolingo and Telegram Hacked?

Sep 6, 2023 By Cato Networks In Cato Networks

In this week's episode, Bill and Robin explore the dangers of programmatic interfaces! The language-learning website, Duolingo, has fallen victim to an API exploit which has exposed 2.6 million user accounts, and there's threat actors on the dark web who are using Python to subversively change messages in Telegram threads. What's happening in the world, why should you care, and how can you stay protected?

View Video

Cato Networks

Read more about Pythons and Birds: Duolingo and Telegram Hacked?

Are You Protected from the 12 Most Exploited Vulnerabilities?

Sep 5, 2023 By Adam Murray In Mend

One of the most vital things to get right in application security is dependency management, and to achieve this, your suite of AppSec tools must be up to date. This means that your vulnerability scanning, detection, and remediation capabilities must be able to identify and address the newest and most exploited vulnerabilities. Do you know what these vulnerabilities are? Have you got them covered? With the help of some of the world’s leading cybersecurity authorities, you can be.

Read Post

Mend

Read more about Are You Protected from the 12 Most Exploited Vulnerabilities?

CyRC Vulnerability Advisory: CVE-2023-2453 Local File Inclusion in Forum Infusion and CVE-2023-4480 Arbitrary File Read in Fusion File Manager

Sep 5, 2023 By Matthew Hogg In Synopsys

Synopsys researcher discovers vulnerabilities CVE-2023-2453, CVE-2023-4480 in PHPFusion.

Read Post

Synopsys

Read more about CyRC Vulnerability Advisory: CVE-2023-2453 Local File Inclusion in Forum Infusion and CVE-2023-4480 Arbitrary File Read in Fusion File Manager

Node.js vs. Deno vs. Bun: JavaScript runtime comparison

Sep 5, 2023 By James Konik In Snyk

JavaScript runtimes help you build advanced, server-driven JavaScript projects that aren't dependent on the user's browser to run. There are several choices of runtimes available, with the supremacy of the old stalwart Node.js being challenged by Deno and Bun. Deno is the latest project produced by the same developer who originally created Node.js, Ryan Dahl, back in 2009.

Read Post