Vulnerability

The Price of Convenience: How Security Vulnerabilities in Global Transportation Payment Systems Can Cost You

Public transportation payment systems have undergone significant changes over the years. Mobile payment solutions have become increasingly popular, allowing passengers to pay for their fare using smartphones or other mobile devices. This trend is likely to continue in the years to come. But how secure are mobile payment solutions for public transportation?

CVE-2023-39143: Critical Remote Code Execution Vulnerability in PaperCut Print Management Server

On August 4, 2023, security researchers published a blog detailing a critical remote code execution (RCE) vulnerability in PaperCut NG/MF print management servers (CVE-2023-39143: CVSS 8.4). CVE-2023-39143 could allow unauthenticated threat actors to read, delete, and upload arbitrary files on compromised systems, which results in RCE. Additionally, this vulnerability does not require user interaction.

Secure Java URL encoding and decoding

URL encoding is a method that ensures your URL only contains valid characters so that the receiving server can correctly interpret it. According to the RFC 3986 standard, URIs (which are a superset of URLs) only contain a limited set of characters consisting of digits, letters, and a few graphic symbols, all within the ASCII character set. If a URL contains characters outside this limited set, the characters must be percent-encoded.

Securing Third-Party Integrations in EHR Software: A Collaborative Endeavor

Electronic Health Records (EHR) stand at the intersection of healthcare and technology, offering a digital representation of patient health histories. A vital aspect of EHR's efficacy is the seamless exchange of patient data between various systems and third-party tools. This interplay ensures that healthcare providers have the most up-to-date information on their patients, irrespective of where the initial data originated.

Discovering and Blocking a Zero-Day Exploit with CrowdStrike Falcon Complete: The Case of CVE-2023-36874

CrowdStrike Counter Adversary Operations is committed to analyzing active exploitation campaigns and detecting and blocking zero-days to protect our customers. In July 2023, the CrowdStrike Falcon® Complete managed detection and response (MDR) team discovered an unknown exploit kit leveraging a still-unknown vulnerability affecting the Windows Error Reporting (WER) component.

Starting Strategies: Where to Begin After Purchasing Snyk

Luke Sanders, Senior Technical Success Manager, shares quick tips and best practices for getting started with Snyk. Topics covered include: Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

CodeSecDays conference and more complete security coverage with GitGuardian

As secrets have a role in most security incidents, Snyk is excited to partner with GitGuardian to help development and security teams scale their security programs and further reduce an application's attack surface at every stage of the code-to-cloud lifecycle. We recently spoke at GitGuardian's first digital conference, CodeSecDays, joining security leaders from Chainguard, Doppler, Kondukto, and more — who shared insights on software signing, open source security, and secrets management.

Manage security issues in Jira with Snyk Security in Jira Cloud

Incorporating security into the software development lifecycle helps ensure the creation of secure and robust software applications from the very beginning. To further evolve our security offerings in the developer community, we announced our partnership with Atlassian to introduce Snyk Security in Jira Cloud as a part of the Security in Jira launch in June. Snyk started gradually rolling out the Jira Security App and has significantly improved the functionality and features available to users.

.NET developers alert: Moq NuGET package exfiltrates user emails from git

On August 8, 2023, the .NET community was informed that the testing library called Moq exfiltrates developers' emails from their development machines and sends them off to third-party remote servers. Snyk has already published a security advisory and will alert developers who scan and monitor their .NET projects with Snyk.