Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On October 9, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab EE, identified as CVE-2024-9164. This flaw allows a remote attacker to run pipelines on arbitrary branches within a repository, which could potentially lead to code execution. A GitLab pipeline consists of a series of automated processes that execute in stages to build, test, and deploy code.

Astra Security identified a vulnerability in the InvenTree Inventory Management System on October 2nd, 2024, which has since been patched. This vulnerability, CVE-2024-47610, is stored cross-site scripting (stored XSS) that targets versions of InvenTree below 0.16.5, where ‘Markdown,’ in the Notes feature, can enable attackers to run code. Cross-site scripting vulnerabilities allow a hacker to inject HTML code into an application and affect the users who intercept the code.

After almost a decade in business, we’ve had the opportunity to watch the software development industry change dramatically. Developers work with more moving parts than ever, relying on technologies like third-party resources and AI coding assistants to release sophisticated software on tight deadlines. While we’ve been talking about the relationship between development and security for the past decade, the DevSecOps conversation has shifted quite a bit.

Efficiently managing cyber security exposures and vulnerabilities is critical to keeping an organization’s most valuable assets secure. With cyber threats growing in complexity and volume, security teams are constantly challenged to manage an increasing workload while keeping risks at bay. Streamlining the vulnerability management lifecycle has never been more important.

On April 12, 2024, Palo Alto Networks published a security advisory detailing an actively exploited maximum severity zero-day vulnerability affecting the GlobalProtect feature of PAN-OS. Dubbed CVE-2024-3400, it was assigned the maximum critical severity score of 10.0 through the Common Vulnerability Scoring System (CVSS), meaning the potential for damage was large and the path to exploit was easy for cybercriminals.

As organizations face increasingly sophisticated cyber threats, the importance of Continuous Vulnerability Management (CVM) continues to grow. GigaOm’s latest Radar Report for Continuous Vulnerability Management provides an in-depth analysis of the current landscape, offering a comprehensive look at the solutions and vendors leading the charge in this critical space. The report assesses a variety of platforms based on key criteria such as feature set, ease of use, performance, and innovation.