
Why a solid DevOps foundation is vital for effective DevSecOps

As DevOps adoption has grown, organizations are pushing code into production faster than ever. However, the fast pace of DevOps has led many developers to view security as a bottleneck or afterthought, which means security teams need a new approach to keep up.

CVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution

On November 20th, 2024, Zero Day Initiative (ZDI) researchers disclosed a critical flaw in 7-Zip, the widely used open-source file archiving software. The flaw allows remote attackers to achieve remote code execution (RCE) on vulnerable 7-Zip versions. The vulnerability was discovered earlier in 2024 and was reported to 7-Zip in June 2024.

Measuring AppSec success: Key KPIs that demonstrate value

In the software development industry, proactively securing the software development life cycle (SDLC) from cyber threats must always be a top priority. Taking a shift left approach addresses security early on so your development teams can spend more time innovating and less on dealing with vulnerabilities. But that’s just the beginning.

How to Enhance Secure Access to Screen Displays for Remote Workers

Remote work is the new normal, and while it is flexible, it can easily introduce security risks. Protecting sensitive information on screen displays is crucial. With employees working from different locations, it's easier than ever to be exposed to threats. Hackers, unauthorized access, and accidental data sharing are just a few concerns. That's why secure access to screen displays is more important than ever. Let's explore how you can strengthen security for remote workers.

How API Vulnerabilities Expose Millions of Records in Just Minutes! #DataLeak #DataBreach

APIs are crucial for data flow, but they also open doors for rapid data breaches if security isn't real-time. In this video, we analyze how an API vulnerability led to a 250 million user data leak in just minutes. Learn why fast data flow in APIs requires immediate, real-time protection to prevent major damage. This case also highlights the often-overlooked importance of client-side security in API protection, especially as APIs are increasingly used in mobile apps and browsers. Discover essential insights to safeguard APIs from potential attacks.

Path Traversal in 2024 - The year unpacked

Path traversal, also known as directory traversal, occurs when an attacker manipulates user-supplied data (typically a file name or path parameter) to gain unauthorized access to files and directories outside the location the application intended to expose. Typically the attacker is after files such as logs, configuration and credentials that live in other directories. Path traversal is not a new vulnerability: it has been actively exploited since the 90s, when web servers gained popularity and many of them relied on Common Gateway Interface (CGI) scripts to generate dynamic server-side content.
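As an added illustration (this code is not from the original article or from any product it mentions), the example below shows the classic bug next to a hardened resolver and a small detection check for request logs. The document root and the sample request lines are constructed for the example; the boundary test uses os.path.realpath plus os.path.commonpath rather than a string-prefix compare, which would wrongly accept a sibling directory that merely shares the root's name as a prefix.

```python
import os
import re
from typing import List, Optional
from urllib.parse import unquote

# Constructed example: the directory the app is supposed to serve files from.
DOC_ROOT = "/var/www/app/public"


def resolve_vulnerable(root: str, user_path: str) -> str:
    """The classic bug: user input is joined onto the root with no boundary check.

    '../../../../etc/passwd' normalises to '/etc/passwd', and an absolute
    user_path makes os.path.join discard the root entirely.
    """
    return os.path.normpath(os.path.join(root, user_path))


def resolve_hardened(root: str, user_path: str) -> Optional[str]:
    """Decode, resolve, and verify the result still lives under root.

    Returns the safe absolute path, or None if the request must be refused.
    """
    # Decode percent-encoding exactly once. Anything still encoded afterwards
    # (double encoding such as %252e%252e) is refused instead of decoded again.
    decoded = unquote(user_path)
    if "%" in decoded:
        return None
    # Null bytes truncate paths in C-based runtimes and defeat extension checks.
    if "\x00" in decoded:
        return None
    # An absolute path would make os.path.join drop the root.
    if os.path.isabs(decoded):
        return None
    # Treat backslash as a separator so 'static\..\..' is not passed through
    # on POSIX and later interpreted differently on Windows.
    decoded = decoded.replace("\\", "/")

    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, decoded))
    # commonpath is the real boundary test: a prefix string compare would
    # accept '/var/www/app/public_old/x' as being under '/var/www/app/public'.
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    return candidate


# Literal and percent-encoded dot-dot followed by a separator. This is a cheap
# heuristic for log review or a WAF rule, not a substitute for the check above;
# it can flag odd but legitimate names containing '..' before a slash.
TRAVERSAL_RE = re.compile(
    r"(\.\.|%2e%2e|%252e%252e)(/|\\|%2f|%5c|%252f|%255c)", re.IGNORECASE
)


def is_traversal_attempt(request_path: str) -> bool:
    """True if the request path contains a literal or encoded '../' sequence."""
    return bool(TRAVERSAL_RE.search(request_path))


# Constructed sample access-log fragments (method and path only).
SAMPLE_REQUESTS = [
    "GET /static/css/site.css",
    "GET /static/../../../../etc/passwd",
    "GET /static/..%2f..%2f..%2fetc%2fshadow",
    "GET /static/%2e%2e/%2e%2e/var/log/app.log",
]


def flag_requests(lines: List[str]) -> List[str]:
    """Return the log lines whose request path looks like a traversal attempt."""
    return [line for line in lines if is_traversal_attempt(line.split(" ", 1)[1])]


if __name__ == "__main__":
    print("vulnerable:", resolve_vulnerable(DOC_ROOT, "../../../../etc/passwd"))
    print("hardened:  ", resolve_hardened(DOC_ROOT, "../../../../etc/passwd"))
    print("safe file: ", resolve_hardened(DOC_ROOT, "css/site.css"))
    for hit in flag_requests(SAMPLE_REQUESTS):
        print("flagged:   ", hit)
```

The hardened resolver refuses rather than "cleans" suspicious input; stripping `../` sequences is a common but weaker fix because the attacker can nest them (`....//`) so that one removal pass leaves a working traversal behind.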

Arctic Wolf Observes Threat Campaign Targeting Palo Alto Networks Firewall Devices

On November 18, 2024, Palo Alto Networks disclosed two vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in PAN-OS, the operating system that runs on its firewall devices. A day later, watchTowr published a report with technical details on how the two vulnerabilities can be chained to achieve remote code execution.

Security Bulletin: PAN-OS Authentication Bypass and Privilege Escalation Vulnerabilities

On November 19, 2024, Palo Alto Networks disclosed two critical vulnerabilities in its PAN-OS software: CVE-2024-0012, an authentication bypass, and CVE-2024-9474, a privilege escalation. Chained together, they enable attackers to gain unauthorized administrative access and then escalate privileges to root. Exploitation of these vulnerabilities has been observed in the wild and attributed to a targeted campaign dubbed Operation Lunar Peek.