Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

According to security researcher nol_tech CVE-2024–50340 is a critical vulnerability (CVSS: 7.3) affecting Symfony applications when the PHP directive register_argc_argv is enabled. By appending ?+--env=dev to a URL, attackers can force the application into the dev environment, granting remote access to the Symfony profiler. This exposure can lead to the leaking of sensitive information and potentially executing arbitrary code.

Active Directory (AD) is crucial for an organization’s identity and access management strategy, but its complex architecture is also a prime zone for overlooked vulnerabilities. One such feature that’s often overlooked is Active Directory Certificate Services (ADCS). Active Directory Certificate Services ADCS is a service that provides a robust solution for managing digital certificates in a Windows Server environment. It leverages AD to manage certificates in a domain environment.

Smartphones and tablets can be invaluable tools in the workplace. They can also be tempting targets for cyber threats. Mobile attacks are on the rise, and outdated operating systems and misconfigured devices only exacerbate the issue. To protect your data, your users, and your organization’s digital integrity, you need a comprehensive mobile vulnerability management process.

Due to their numerous components and dependencies, web applications often have multiple vulnerabilities—many of them unknown and susceptible to zero-day attacks—that can be exploited by malicious HTTP requests. Determining whether a vulnerability exists is challenging without visibility into an application’s real-time data and event flows, which isn’t possible with existing firewall-based solutions.

On November 5, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing two critical-severity vulnerabilities affecting Aruba Networks Access Points. These vulnerabilities, identified as CVE-2024-42509 and CVE-2024-47460, could allow unauthenticated command injection.

Terraform is today’s leading Infrastructure-as-Code platform, relied upon by organizations ranging from small startups to multinational corporations. It enables teams to declaratively manage their cloud or on-premises infrastructure, allowing them to provision or decommission infrastructure components simply, consistently, and with auditability.