%term

Broken Access Control in Committee Management System

Nov 1, 2024 By Prateek Kuber In Astra

On 24 September 2024, the security researchers at Astra discovered a critical broken access control vulnerability in the Class Committee Management System, an open-source project. The web-based system allows users to manage files, schedule meetings, generate reports, and access other management features. A broken access control vulnerability occurs when the application does not enforce proper permissions and restrictions.

Read Post

Astra

Read more about Broken Access Control in Committee Management System

Critical Infrastructure Security: Preparing for Emerging Threats

Nov 1, 2024 By Muhammad Omar Khan In SecuritySenses

Critical infrastructure security can never be overstated in an era when cyberattacks increasingly target modern civilization's backbone. In the past few years, cyberattacks on power grids, transportation systems, and public utilities have highlighted how vulnerable our society is to disruption. A single breach can bring entire regions to a standstill, highlighting the fragility of our interconnected systems.

Read Post

SecuritySenses

Read more about Critical Infrastructure Security: Preparing for Emerging Threats

LOTL Attacks-The Silent Saboteurs in Your Systems

Oct 31, 2024 By Ravid Circus, Co-founder and Chief Product Officer In Seemplicity

Living Off the Land (LOTL) cyber attacks have become a major headache for cybersecurity professionals. These insidious attacks are getting more sophisticated and widespread, posing serious risks to businesses and even national security. Unlike traditional malware-based attacks, LOTL techniques exploit the very tools and processes that organizations rely on for their daily operations.

Read Post

Seemplicity

Read more about LOTL Attacks-The Silent Saboteurs in Your Systems

Discovering Hidden Vulnerabilities in Portainer with CodeQL

Oct 31, 2024 By Eviatar Gerzi In CyberArk

Recently, we researched a project on Portainer, the go-to open-source tool for managing Kubernetes and Docker environments. With more than 30K stars on GitHub, Portainer gives you a user-friendly web interface to deploy and monitor containerized applications easily. Since Portainer is an open-source, we thought CodeQL, an advanced code analysis tool, be a good fit to check its codebase for any security issues.

Read Post

CyberArk

Read more about Discovering Hidden Vulnerabilities in Portainer with CodeQL

Lottie Player npm package compromised for crypto wallet theft

Oct 31, 2024 By Liran Tal In Snyk

On October 31st, 2024, another package compromise and cryptocurrency hijack story unfolded for a popular npm package.

Read Post

Snyk

Read more about Lottie Player npm package compromised for crypto wallet theft

Seemplicity Announces Next Evolution of RemOps Platform with AI-Powered Capabilities

Oct 30, 2024 By Seemplicity In Seemplicity

Seemplicity transforms vulnerability management with AI-driven, tailored remediation plans, helping teams reduce risk faster and more efficiently.

Read Post

Seemplicity

Read more about Seemplicity Announces Next Evolution of RemOps Platform with AI-Powered Capabilities

Remote Desktop Protocol (RDP) Vulnerability

Oct 30, 2024 By John Gates In CalCom

Remote Desktop Protocol (RDP) is a protocol developed by Microsoft, providing the user access to remotely connect with another computer. Microsoft’s remote desktop protocol is one of the best currently available in the market, working efficiently with an effortless graphical user interface (GUI). It can be used between multiple Windows Operating Systems and Devices. This article discussed RDP protocol security and current RDP vulnerabilities.

Read Post

CalCom

Read more about Remote Desktop Protocol (RDP) Vulnerability

CVE-2024-50388: Critical OS Command Injection Vulnerability in QNAP HBS 3 Hybrid Backup Sync

Oct 30, 2024 By Andres Ramos In Arctic Wolf

On October 29, 2024, QNAP issued a security advisory regarding a critical OS command injection vulnerability, tracked as CVE-2024-50388. Discovered by researchers at the Pwn2Own conference, this vulnerability affects HBS 3 Hybrid Backup Sync, a backup and disaster recovery solution used by organizations for secure data protection across multiple locations. The flaw allows remote attackers to execute arbitrary commands.

Read Post

Arctic Wolf

Read more about CVE-2024-50388: Critical OS Command Injection Vulnerability in QNAP HBS 3 Hybrid Backup Sync

How to Mitigate the Latest API Vulnerability in FortiManager

Oct 30, 2024 By Wallarm In Wallarm

Recently, a critical API vulnerability in FortiManager (CVE-2024-47575) was disclosed. Certain threat actors exploited it in the wild to steal sensitive information containing configurations, IP addresses, and credentials used by managed devices. In advanced notification emails, Fortinet warned its users of the vulnerability and mitigation steps. The vulnerability has a critical severity rating of 9.8 out of 10.

Read Post

Wallarm

Read more about How to Mitigate the Latest API Vulnerability in FortiManager

How Kubernetes Changes the Vulnerability Management Ball Game

Oct 30, 2024 By John Alexander In Tigera

Kubernetes has become a cornerstone in modern IT environments, significantly revolutionizing the way applications are deployed and managed. Its ability to automate scaling, deployment, and management of containerized applications makes it indispensable for businesses aiming for agility, scalability, and efficiency. As organizations increasingly adopt microservices architectures, Kubernetes’ role in providing seamless orchestration and robust security continues to grow in importance.

Read Post