Vulnerability

Friday Flows episode 36: Using Tines Workbench for asset and vulnerability management

Sep 27, 2024 By Tines In Tines

Michael Tolan from Tines Labs returns with Cameron for another episode on Tines Workbench. In case you missed it, Workbench is a Tines-powered AI chat interface where you can take action and access proprietary data in real-time, privately and securely. This episode leverages Workbench to make a tedious process extremely simple to handle. For any teams spending a lot of time on asset and vulnerability management, this is a must-watch!

View Video

Tines

Read more about Friday Flows episode 36: Using Tines Workbench for asset and vulnerability management

Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System

Sep 27, 2024 By Jim Armstrong In Snyk

On September 27, 2024, evilsocket.net (Simone Margaritelli) published information about several vulnerabilities in CUPS (Common UNIX Printing System), which can allow for arbitrary remote code execution (RCE). There are currently 4 CVEs associated with these findings, with potentially more on the way. There is also some debate about the severity of these vulnerabilities, however, one of the CVEs was initially given a CVSS score of 9.9. We will update this blog if new information becomes available.

Read Post

Snyk

Read more about Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System

Testing a NoSQL Injection Vulnerability

Sep 27, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about Testing a NoSQL Injection Vulnerability

Exploit Attempt for a Cross Site Scripting Vulnerability

Sep 26, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about Exploit Attempt for a Cross Site Scripting Vulnerability

How to prevent log injection vulnerability in JavaScript and Node.js applications

Sep 26, 2024 By Liran Tal In Snyk

In many standard enterprise applications, consistent logging serves a multitude of purposes. It helps businesses identify and rectify errors, provides valuable analytical insights, and lets you test new solutions. However, this also makes log injections one of the most common ways hackers can hijack or even gain access to sensitive user information.

Read Post

Snyk

Read more about How to prevent log injection vulnerability in JavaScript and Node.js applications

Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

Sep 26, 2024 By Andres Ramos In Arctic Wolf

On September 24, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing three critical command injection vulnerabilities affecting Aruba Networking Access Points. These vulnerabilities, identified as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507, could allow remote unauthenticated attackers to execute code with privileged access.

Read Post

Arctic Wolf

Read more about Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

Deep Dive into the Latest API Security Vulnerabilities in Envoy

Sep 26, 2024 By Wallarm In Wallarm

Envoy has carved out a critical role in cloud-native computing, becoming increasingly prevalent as the default ingress controller for Kubernetes. This high-performance proxy, developed by Lyft and now part of the Cloud Native Computing Foundation’s arsenal, is integral for companies scaling up their Kubernetes deployments. Envoy ensures efficient load balancing, security, and operational agility by managing external access to services within Kubernetes clusters,.

Read Post

Wallarm

Read more about Deep Dive into the Latest API Security Vulnerabilities in Envoy

Accelerating Threat Assessment and Risk Mitigation with Nucleus Vulnerability Intelligence Platform

Sep 26, 2024 By Nucleus In Nucleus

In this webinar, discover how the Nucleus Vulnerability Intelligence Platform (VIP) is changing the way organizations handle vulnerabilities. Learn how VIP empowers security teams to assess, prioritize, and mitigate vulnerabilities in real time by leveraging automated workflows, comprehensive data aggregation, and custom risk ratings. Key topics covered: Chapters Don't forget to like, comment, and subscribe for more in-depth webinars and expert discussions on cybersecurity and vulnerability management!

View Video

Nucleus

Read more about Accelerating Threat Assessment and Risk Mitigation with Nucleus Vulnerability Intelligence Platform

Best Practices in Vulnerability Management

Sep 25, 2024 By Amit Sheps In IONIX

Vulnerability management is a major component of any cybersecurity strategy, simply because every vulnerability represents another potential vector through which an organization can be attacked.

Read Post

IONIX

Read more about Best Practices in Vulnerability Management

Chinese Hackers Target APAC Governments with EAGLEDOOR Malware Exploiting GeoServer Flaw

Sep 24, 2024 By Foresiet In Foresiet

In a sophisticated cyber espionage campaign, a group of Chinese hackers has exploited a critical vulnerability in GeoServer to target government organizations across the Asia-Pacific (APAC) region. This operation, linked to the advanced persistent threat (APT) group known as Earth Baxia, highlights the evolving landscape of cyber threats facing sensitive sectors, including government and energy.

Read Post