CyRC Vulnerability Advisory: CVE-2023-25828 Authenticated Remote Code Execution in Pluck CMS
Synopsys Cybersecurity Research Center discovers new RCE vulnerability that can leave Pluck Content Management System vulnerable.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Vulnerability
Dev First Prevention Strategies Using the CI/CD
Watch this office hours where we cover best practices for introducing a blocking/prevention strategy using the CI/CD Integration. Security and engineering teams often fail to find a balance between meeting the necessary security objectives for their organization and ensuring maximum velocity. While security teams view the process of blocking new critical severity vulnerabilities as a basic security best practice, engineering teams often push back out of fear that it will create too much friction for their developers.
Zero Day Defined: Zero-Day Vulnerabilities, Exploits & Attacks
Zero-Day” is an intriguing concept in the domain of cybersecurity. Imagine diligently following security best practices such as patching exploits and updating the systems regularly. Plus, you’re following strict risk management and governance frameworks within the organization to vet new software applications for security risk before adding them to your library. But what happens when the security flaws are novel — and a patch does not exist?
The rising trend of malicious packages in open source ecosystems
Since the beginning of 2023, Snyk has documented around 6800 malicious packages across PyPI and the npm registry, which requires little to no interaction, almost 860 of which were discovered by us.
Rubrik Gets Hit by The GoAnywhere Security Vulnerability: Is Customer Data at Risk?
Rubrik is a security company that specializes in cloud data management services. The company helps store and secure information for customers, and it's vital that it is able to keep that data safe. This is why hearing about a possible cyber-attack on the company is alarming. Rubrik was hit by the same GoAnywhere security vulnerability that dozens of other companies suffered from.
SharePoint Security: 8 Most Common Vulnerabilities
Once written off as a failed CMS incapable of generating a significant user base, Microsoft’s SharePoint has continually defied expectations to become one of the most widely-used ECM and Collaboration products ever. It caters to over 200 million users and 250,000 organizations, including 85% of Fortune 500 companies. SharePoint is a user-friendly intranet portal and provides a consolidated center for document sharing, tracking, and overall project management.
Penetration Testing vs Vulnerability Scanning: What's the Difference?
Penetration Testing (also known as pentesting or ethical hacking) is a simulation of an attack on a computer system, network, or web application to identify potential security vulnerabilities and gauge the effectiveness of existing security measures. These are typically performed by cybersecurity professionals with specialised knowledge and experience in identifying and exploiting system vulnerabilities.
Expression DoS Vulnerability Found in Spring - CVE-2023-20861
As part of our efforts to improve the security of open-source software, we continuously test open-source projects with our JVM fuzzing engine Jazzer in Google’s OSS-Fuzz. One of our tests yielded a Denial of Service vulnerability in the Spring Framework (CVE-2023-20861). Spring is one of the most widely used frameworks for developing web applications in Java. As a result, vulnerabilities have an amplified impact on all applications that rely on the vulnerable version.
Coffee Talk with SURGe: Oakland Ransomware Attack, BreachForums, Acropalypse Vulnerability, GPT-4
Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan shared their takes on responding to 0day vulnerabilities and the trio also discussed GPT-4 and the future of generative AI.
Save time fixing security vulnerabilities much earlier in your SDLC
Are you or your development team tired of using application security tools that generate countless results, making it difficult to identify which vulnerabilities pose actual risks? Do you struggle with inefficient or incorrect prioritization due to a lack of context? What adds insult to injury is that traditional CVSS scoring methods ignore critical details like software configurations and security mechanisms.