%term

Emerging Security Issue: Progress Software WhatsUp Gold (CVE-2024-6670)

Sep 27, 2024 By Emma Zaballos In CyCognito

CVE-2024-6670 is a critical (CVSS v3 score: 9.8) SQL injection vulnerability. Threat researcher Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) discovered that, if the application is configured with only one user, unauthenticated attackers can leverage this vulnerability to retrieve users’ encrypted passwords.

Read Post

CyCognito

Read more about Emerging Security Issue: Progress Software WhatsUp Gold (CVE-2024-6670)

Multiple Vulnerabilities Disclosed in Linux-based CUPS Printing Service

Sep 27, 2024 By Stefan Hostetler In Arctic Wolf

On September 26, 2024, a security researcher disclosed several vulnerabilities affecting Common UNIX Printing System (CUPS) within GNU/Linux distributions. CUPS is an open-source printing system that allows Unix-like operating systems, including Linux and MacOS, to manage printers and print jobs across local and networked environments. The newly identified CUPS vulnerabilities identified are.

Read Post

Arctic Wolf

Read more about Multiple Vulnerabilities Disclosed in Linux-based CUPS Printing Service

Friday Flows episode 36: Using Tines Workbench for asset and vulnerability management

Sep 27, 2024 By Tines In Tines

Michael Tolan from Tines Labs returns with Cameron for another episode on Tines Workbench. In case you missed it, Workbench is a Tines-powered AI chat interface where you can take action and access proprietary data in real-time, privately and securely. This episode leverages Workbench to make a tedious process extremely simple to handle. For any teams spending a lot of time on asset and vulnerability management, this is a must-watch!

View Video

Tines

Read more about Friday Flows episode 36: Using Tines Workbench for asset and vulnerability management

Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System

Sep 27, 2024 By Jim Armstrong In Snyk

On September 27, 2024, evilsocket.net (Simone Margaritelli) published information about several vulnerabilities in CUPS (Common UNIX Printing System), which can allow for arbitrary remote code execution (RCE). There are currently 4 CVEs associated with these findings, with potentially more on the way. There is also some debate about the severity of these vulnerabilities, however, one of the CVEs was initially given a CVSS score of 9.9. We will update this blog if new information becomes available.

Read Post

Snyk

Read more about Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System

Testing a NoSQL Injection Vulnerability

Sep 27, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about Testing a NoSQL Injection Vulnerability

How to prevent log injection vulnerability in JavaScript and Node.js applications

Sep 26, 2024 By Liran Tal In Snyk

In many standard enterprise applications, consistent logging serves a multitude of purposes. It helps businesses identify and rectify errors, provides valuable analytical insights, and lets you test new solutions. However, this also makes log injections one of the most common ways hackers can hijack or even gain access to sensitive user information.

Read Post

Snyk

Read more about How to prevent log injection vulnerability in JavaScript and Node.js applications

Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

Sep 26, 2024 By Andres Ramos In Arctic Wolf

On September 24, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing three critical command injection vulnerabilities affecting Aruba Networking Access Points. These vulnerabilities, identified as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507, could allow remote unauthenticated attackers to execute code with privileged access.

Read Post

Arctic Wolf

Read more about Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

Deep Dive into the Latest API Security Vulnerabilities in Envoy

Sep 26, 2024 By Wallarm In Wallarm

Envoy has carved out a critical role in cloud-native computing, becoming increasingly prevalent as the default ingress controller for Kubernetes. This high-performance proxy, developed by Lyft and now part of the Cloud Native Computing Foundation’s arsenal, is integral for companies scaling up their Kubernetes deployments. Envoy ensures efficient load balancing, security, and operational agility by managing external access to services within Kubernetes clusters,.

Read Post

Wallarm

Read more about Deep Dive into the Latest API Security Vulnerabilities in Envoy

Accelerating Threat Assessment and Risk Mitigation with Nucleus Vulnerability Intelligence Platform

Sep 26, 2024 By Nucleus In Nucleus

In this webinar, discover how the Nucleus Vulnerability Intelligence Platform (VIP) is changing the way organizations handle vulnerabilities. Learn how VIP empowers security teams to assess, prioritize, and mitigate vulnerabilities in real time by leveraging automated workflows, comprehensive data aggregation, and custom risk ratings. Key topics covered: Chapters Don't forget to like, comment, and subscribe for more in-depth webinars and expert discussions on cybersecurity and vulnerability management!

View Video