%term

Why Risk-Based Vulnerability Management (RBVM) Increases Your Security Debt, and How You Can Fix It

Oct 30, 2024 By Nucleus In Nucleus

In this Nucleus webinar, we take a deep dive into the practical challenges and strategies for managing security debt in the context of Risk-Based Vulnerability Management (RBVM). Scott Kuffer, co-founder of Nucleus Security and veteran in vulnerability management, explains how RBVM has shifted from a holistic risk reduction approach to a prioritization-heavy process that often falls short. He discusses why traditional methods lead to excessive security debt and demonstrates how aligning VM processes with product management principles can create more efficient, business-centric remediation.

View Video

Nucleus

Read more about Why Risk-Based Vulnerability Management (RBVM) Increases Your Security Debt, and How You Can Fix It

The Essential Guide to Vulnerability Management Tools

Oct 29, 2024 By Amit Sheps In IONIX

Vulnerability management programs attempt to identify and correct software vulnerabilities before they pose a significant threat to an organization’s cybersecurity. To learn more about how to design and implement a vulnerability management program, check out these resources: This article describes the tools that an organization will need to implement an effective vulnerability management program.

Read Post

IONIX

Read more about The Essential Guide to Vulnerability Management Tools

CVE-2024-51567 Code Execution Vulnerability in CyberPanel

Oct 29, 2024 By Nethanel Gelernter In IONIX

This post is based on ongoing security research – and will continue to be updated as we get additional information…

Read Post

IONIX

Read more about CVE-2024-51567 Code Execution Vulnerability in CyberPanel

Emerging Threat: FortiJump (CVE-2024-47575)

Oct 29, 2024 By Emma Zaballos In CyCognito

CVE-2024-47575, also known as FortiJump, is a critical (9.8) missing authentication vulnerability affecting critical functions in FortiManager and FortiManager Cloud versions. Threat researcher Kevin Beaumont published a blog post on October 22nd, 2024 identifying this vulnerability as a zero day. This vulnerability is separate from CVE-2024-23113, which also affects FortiGate devices.

Read Post

CyCognito

Read more about Emerging Threat: FortiJump (CVE-2024-47575)

Understanding CVE-2024-47176: Mitigating CUPS Vulnerabilities

Oct 29, 2024 By UpGuard Team In UpGuard

The Common UNIX Printing System (CUPS) is a widely used printing system on Unix-like operating systems, but recent vulnerabilities have exposed significant risks. The most critical is CVE-2024-47176, which affects the cups-browsed service by binding to the IP address INADDR_ANY:631. This configuration flaw causes it to trust all incoming packets, leading to potential remote code execution when interacting with malicious printers. This vulnerability is part of a chain of exploits, including.

Read Post

UpGuard

Read more about Understanding CVE-2024-47176: Mitigating CUPS Vulnerabilities

The FortiManager RCE Vulnerability - The 443 Podcast - Episode 311

Oct 29, 2024 By WatchGuard In WatchGuard

This week on the podcast, we review Fortinet's recently-disclosed remote code execution vulnerability in the FortiManager system that has been under active exploit since at least June. After that, we discuss the SEC's recent action against 4 companies found at fault for misleading security incident disclosure statements. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.

View Video

WatchGuard

Read more about The FortiManager RCE Vulnerability - The 443 Podcast - Episode 311

Best Practices for Continuous Vulnerability Management

Oct 29, 2024 By Liran Tal In Snyk

Continuous vulnerability management is not just a best practice—it's a necessity. With so many open-source dependencies to choose from (almost 3 million on the npm registry!), it’s no wonder supply chain security incidents are the focus of malicious actors. Let’s not forget the rise of ChatGPT, LLM chatbots, and AI-assisted code generation.

Read Post

Snyk

Read more about Best Practices for Continuous Vulnerability Management

Top 5 SAST Auto-fixing Tools and How They Compare

Oct 29, 2024 By Liqian Lim () In Snyk

7 hours. That’s how long, on average, a developer takes to remediate a security issue in their code. Vulnerability detection is improving rapidly and scaling, but remediating security risks is still a tedious, time-consuming process that takes developers away from their core work. And now, with AI-generated code introducing vulnerabilities at greater speed and volume than ever before, remediation is taking even more time.

Read Post

Snyk

Read more about Top 5 SAST Auto-fixing Tools and How They Compare

Understanding CSRF and SSRF Attacks (Demo and Examples)

Oct 28, 2024 By Snyk In Snyk

In this video, we examine two critical web security vulnerabilities: CSRF (Cross-Site Request Forgery) and SSRF (Server-Side Request Forgery). Learn about each attack, how it differs, and why it poses serious risks to web applications.

View Video

Snyk

Read more about Understanding CSRF and SSRF Attacks (Demo and Examples)

Threat Context Monthly: Executive intelligence briefing for October 2024

Oct 28, 2024 By KrakenLabs In Outpost 24

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from October.

Read Post