Vulnerability

New Vulnerability in MySQL JDBC Driver: RCE and Unauthorized DB Access

Apr 20, 2023 By Roman Wagner In Code Intelligence

We have found a new vulnerability in MySQL Connector/J (CVE-2023-21971). Oracle issued a critical path update that fixed the issue on April 18, 2023. The vulnerability was found as part of our collaboration with Google’s OSS-Fuzz.

Read Post

Code Intelligence

Read more about New Vulnerability in MySQL JDBC Driver: RCE and Unauthorized DB Access

An Insider's View: The Updated OWASP API Top 10

Apr 20, 2023 By Salt Security In Salt Security

Stephanie Best, Director of Product Marketing, and Yaniv Balmas, VP of Research at Salt Labs, discuss what you need to know about the new 2023 OWASP API Security Top 10 release candidate. As a member of the OWASP committee that helped shaped the latest report, Yaniv takes you behind the scenes to learn what changed, what stayed the same, and why these decisions were made.

View Video

Salt Security

Read more about An Insider's View: The Updated OWASP API Top 10

Introducing Bitsight Third-Party Vulnerability Response

Apr 20, 2023 By BitSight In BitSight

Bitsight Third-Party Vulnerability Response empowers organizations to take action on high priority incidents at a moments notice. Learn how to initiate vendor outreach and track responses to critical vulnerabilities through scalable templated questionnaires —with tailored exposure evidence— for more effective remediation. And grow and build trust across your ecosystem without worrying about expanded risk. Vulnerability Response not only facilitates communication with vendors but also allows you to track responses with more precision, coupling automated, bulk outreach with status updates and insights.

View Video

BitSight

Read more about Introducing Bitsight Third-Party Vulnerability Response

A CISOs Guide To The New 2023 OWASP API Security Update

Apr 20, 2023 By Wallarm In Wallarm

The OWASP API Security Project team recently posted the Top-10 API risks Release Candidate (RC) for 2023. Last updated in 2019, this new version is designed to help organizations understand the top threats against APIs and how to secure them. In this webinar, we will dig into the OWASP API Security Top-10 2023RC and discuss: We will share some of our data-driven insights, derived from our quarterly API ThreatStats(tm) Reports, and show how you can protect your APIs in real-time from the most impactful API threats.

View Video

Wallarm

Read more about A CISOs Guide To The New 2023 OWASP API Security Update

A Practitioner's Guide to the New 2023 OWASP API Security Update

Apr 20, 2023 By Wallarm In Wallarm

The OWASP API Security Top-10 risks Release Candidate (RC) is now out for comment. This new version is designed to update your understanding of the top threats against APIs and how to secure them. In this deep-dive webinar, we will dig into each of the OWASP API Security Top-10 2023 RC risks and discuss: The focus of this 2nd webinar in the series will be on what practitioners – builders, breakers, defenders, and DevSecOps – need to know to better protect their APIs.

View Video

Wallarm

Read more about A Practitioner's Guide to the New 2023 OWASP API Security Update

Dissecting Buffer Overflow Attacks in MongoDB

Apr 19, 2023 By Trustwave In Trustwave

Towards the end of 2020, a new vulnerability in MongoDB was found and published. The vulnerability affected almost all versions of MongoDB, up to v4.5.0, but was discussed and patched appropriately. The vulnerability, CVE-2020-7928, abuses a well-known component of MongoDB, known as the Handler, to carry out buffer overflow attacks by way of null-byte injections.

Read Post

Trustwave

Read more about Dissecting Buffer Overflow Attacks in MongoDB

Electrical Grid Security: NERC CIP, Cyber Threats and Key Challenges

Apr 19, 2023 By Michael Betti In Tripwire

Electrical grid security has been getting a lot of attention recently. It started fairly quietly, and then when it was a featured story on a news program, it rose to the top of the collective consciousness. However, the news stories that followed were focused entirely on the physical vulnerabilities of the US power grids. Few, if any stories covered the cybersecurity angle of securing the grids.

Read Post

Tripwire

Read more about Electrical Grid Security: NERC CIP, Cyber Threats and Key Challenges

Lessons from OpenSSL vulnerabilities part 1: Preparing your supply chain for the next critical vulnerability

Apr 19, 2023 By Jamie Smith In Snyk

It's early in the morning on an unseasonably warm Tuesday in October. You're checking your email as you enjoy your first cup of coffee or tea for the day, and you almost do a spit-take when you read that OpenSSL has a forthcoming release to fix a CRITICAL vulnerability. Immediately, visions of Heartbleed pop into your head.

Read Post

Snyk

Read more about Lessons from OpenSSL vulnerabilities part 1: Preparing your supply chain for the next critical vulnerability

Avoiding Kubernetes "CVE shock" through Relevancy and Prioritization

Apr 18, 2023 By Oshrat Nir In ARMO

ARMO is launching a new Kubernetes vulnerability relevancy and prioritization feature based on eBPF technology to help Kubernetes and DevSecOps practitioners focus on fixing the vulnerabilities that impact their security posture most.

Read Post

ARMO

Read more about Avoiding Kubernetes "CVE shock" through Relevancy and Prioritization

Preventing insecure deserialization in Node.js

Apr 17, 2023 By Benson Kuria Macharia In Snyk

Serialization is the process of converting a JavaScript object into a stream of sequential bytes to send over a network or save to a database. Serialization changes the original data format while preserving its state and properties, so we can recreate it as needed. With serialization, we can write complex data to files, databases, and inter-process memory — and send that complex data between components and over networks.

Read Post