%term

Avoiding Pitfalls in Vulnerability Management: Key Insights and Best Practices

Dec 3, 2024 By Mieng Lim In Tripwire

Vulnerability management (VM) has always been a complex area of concern that requires continuous and active effort to work properly. This can make it challenging for organizations to maintain their VM strategies and solutions over time, as there are many angles to secure and processes to oversee. There are a wide range of potential ways that VM can go wrong, and it is essential for organizations to avoid the many pitfalls associated with it.

Read Post

Tripwire

Read more about Avoiding Pitfalls in Vulnerability Management: Key Insights and Best Practices

How to Find and Remediate PAN-OS Vulnerabilities in Seconds with Forward Enterprise

Dec 3, 2024 By Forward Networks In Forward Networks

With Forward Enterprise, you can go from "I think my network is vulnerable" to "I know the exact details of my network's vulnerabilities and I have a clear path to prioritizing remediation". In this video, Mike shows how users can quickly find critical vulnerabilities like Palo Alto Networks' CVE-2024-0012 and CVE-2024-9474. ).

View Video

Forward Networks

Read more about How to Find and Remediate PAN-OS Vulnerabilities in Seconds with Forward Enterprise

Web Shell Upload Via Extension Blacklist Bypass - Part 2

Dec 3, 2024 By VISTA InfoSec In VISTA InfoSec

Web shell attacks are a critical and growing threat, often evading traditional defenses. In this Part 2 of our exploration into web shell attacks, we uncover how attackers leverage extension blacklist bypasses to upload malicious web shells and compromise systems. Stay informed! Like, comment, and subscribe for more expert insights into cyber threats and effective defense strategies. For Collaboration and Business enquiries, please use the contact information below.

View Video

VISTA InfoSec

Read more about Web Shell Upload Via Extension Blacklist Bypass - Part 2

CVE-2024-42448: Veeam Discloses Critical RCE Vulnerability in Service Provider Console

Dec 3, 2024 By Andres Ramos In Arctic Wolf

On December 3, 2024, Veeam disclosed a critical vulnerability within the Veeam Service Provider Console (VSPC), tracked as CVE-2024-42448, which was discovered during internal testing. VSPC is a management tool designed for service providers to manage customer backups. The vulnerability allows a remote threat actor to perform Remote Code Execution (RCE) on the VSPC server machine from an authorized VSPC management agent machine.

Read Post

Arctic Wolf

Read more about CVE-2024-42448: Veeam Discloses Critical RCE Vulnerability in Service Provider Console

2024 Open Source Security Report: Slowing Progress and New Challenges for DevSecOps

Dec 3, 2024 By Jamie Smith In Snyk

Trust is the foundation of the open source community — but what happens when that trust is betrayed? When a backdoor vulnerability was found in a widespread Linux-based data compression tool, it nearly created an opportunity for malicious actors to seize control of countless computers worldwide. The vulnerability was introduced by a trusted contributor who, after years of building rapport with maintainers, ultimately exploited that trust.

Read Post

Snyk

Read more about 2024 Open Source Security Report: Slowing Progress and New Challenges for DevSecOps

Stored XSS Vulnerability in Dynamic Dashboard Paragraph Widget

Dec 2, 2024 By Prateek Kuber In Astra

Product Name: Dynamic Dashboard Vulnerability: Stored XSS Vulnerable Version: >= 3.0.0, < 3.0.1 CVE: CVE-2024-47817 On October 5, 2024, the security researchers from Astra discovered a severe Stored Cross-Site Scripting vulnerability in Dynamic Dashboard’s paragraph widget. The widget, used for text and markdown, has inadequate input sanitization allowing attackers to inject malicious code.

Read Post

Astra

Read more about Stored XSS Vulnerability in Dynamic Dashboard Paragraph Widget

CVE-2024-9900: Stored XSS Vulnerability in Muddler's LocalAI

Dec 2, 2024 By Prateek Kuber In Astra

Product Name: Dynamic Dashboard Vulnerability: Stored XSS Vulnerable Version: >= 3.0.0, < 3.0.1 CVE: CVE-2024-47817 Astra Security researchers identified a vulnerability in LocalAI, an Open-Source OpenAI alternative. The vulnerability, CVE-2024-9900, is a stored Cross-Site Scripting issue affecting the LocalAI v2.21.1 prompts, which allow malicious scripts and payloads to be input.

Read Post

Astra

Read more about CVE-2024-9900: Stored XSS Vulnerability in Muddler's LocalAI

DevSecOps Tools for Cybersecurity Success

Dec 2, 2024 By Jessica Amado In Seemplicity

With DevSecOps, cybersecurity has become integrated into every phase of the software development lifecycle (SDLC). DevSecOps tools work across development, security, and operations siloes and enable these teams to work collaboratively, ensuring security vulnerabilities are addressed early and efficiently, reducing risks before they reach production.

Read Post

Seemplicity

Read more about DevSecOps Tools for Cybersecurity Success

A SenseOn Advisory: PAN-OS zero-day vulnerabilities CVE-2024-9474 & CVE-2024-0012

Dec 2, 2024 By Daniela Lopez In SenseOn

On the 18th of November 2024, Palo Alto published advisories disclosing two vulnerabilities affecting the Web Management Interface in PAN-OS. The most critical of these vulnerabilities is CVE-2024-0012 with a severity rating of 9.3. Exploitation of this vulnerability allows a remote, unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges.

Read Post

SenseOn

Read more about A SenseOn Advisory: PAN-OS zero-day vulnerabilities CVE-2024-9474 & CVE-2024-0012

How Dark Mode Got Me Hacked

Dec 2, 2024 By Snyk In Snyk

The infamous Light Mode vs Dark Mode battle has been waging for some time... I've always been a Dark Mode person, but now, I think I might be changing sides. A PDF Dark Mode converter extension I've used for some time turned out to be malicious, so I set out to determine how this happened and how I can prevent it from happening again.

View Video