%term

RCE Zero Day Vulnerabilities in CUPS Put Linux Systems at Risk

Oct 1, 2024 By Vivek Chanchal In Indusface

A new series of vulnerabilities in the Common Unix Printing System (CUPS) threatens numerous Linux systems, potentially allowing remote code execution (RCE). This affects a wide range of platforms, including Debian, Red Hat, SUSE and macOS. The vulnerabilities—tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177—are believed to endanger over 76,000 devices, with estimates suggesting up to 300,000 could be affected.

Read Post

Indusface

Read more about RCE Zero Day Vulnerabilities in CUPS Put Linux Systems at Risk

Exploiting trust: Weaponizing permissive CORS configurations

Oct 1, 2024 By Thomas Stacey In Outpost 24

If you’re a pentester, or a consumer of application security pentest reports, you’ll probably have come across Cross-Origin Resource Sharing (CORS) and its commonly associated misconfigurations. In either case, you’ll likely have quickly dismissed the finding because it resulted in yet another “recommendation” (a vulnerability without any impact).

Read Post

Outpost 24

Read more about Exploiting trust: Weaponizing permissive CORS configurations

OWASP Global AppSec SF 2024: Empowering Developer Security As A Community

Oct 1, 2024 By Dwayne McDaniel In GitGuardian

Takeaways from OWASP Global AppSec SF 2024, covering security tools, AI risks, and strategies for improving application security while empowering developers.

Read Post

GitGuardian

Read more about OWASP Global AppSec SF 2024: Empowering Developer Security As A Community

Going beyond reachability to prioritize what matters most

Oct 1, 2024 By Jamie Smith In Snyk

Most modern applications contain a substantial number of open source packages, libraries, and frameworks. In fact, it's estimated that at least 80% of the source code in modern applications is from open source. In addition to relying heavily on commodity components to build applications, development teams often deploy these apps and services via community-sourced container base images.

Read Post

Snyk

Read more about Going beyond reachability to prioritize what matters most

A Case Study in Vulnerability Prioritization: Lessons Learned from Large-Scale Incidents

Oct 1, 2024 By Audra Streetman In Splunk

There’s no way around it: vulnerability management is complex. As organizations become more reliant on software and applications, the sheer volume of known vulnerabilities has become more difficult to track, prioritize, and remediate. Adversaries have also become increasingly reliant on exploiting vulnerabilities in order to compromise organizations.

Read Post

Splunk

Read more about A Case Study in Vulnerability Prioritization: Lessons Learned from Large-Scale Incidents

Critical Vulnerabilities Uncovered: How Bitsight Delivered Fast, Actionable Insights in Under 24 Hours

Sep 30, 2024 By BitSight In BitSight

The speed at which vulnerabilities are detected and addressed can drastically impact an organization’s likelihood of suffering a security incident. Recently, Bitsight demonstrated how its investments in product fingerprinting and CVE mapping allowed it to identify and surface assets potentially impacted by a set of critical vulnerabilities in the CUPS printing system in under 24 hours.

Read Post

BitSight

Read more about Critical Vulnerabilities Uncovered: How Bitsight Delivered Fast, Actionable Insights in Under 24 Hours

Breaking Down the OWASP Top 10 API Security Risks 2023 (& What Changed From 2019)

Sep 30, 2024 By Dustin Silveri In Veracode

The OWASP Top Ten lists have been the cornerstone for application security best practices for over two decades. The 2019 list was the first edition of the OWASP API Security Top 10. The latest, OWASP API Security Top 10 2023, gives our security and engineering teams a glimpse of attack vectors that are becoming more common. With that in mind, it also helps our security teams to ensure that they have adequate coverage for security testing.

Read Post

Veracode

Read more about Breaking Down the OWASP Top 10 API Security Risks 2023 (& What Changed From 2019)

The CUPS Vulnerability- The 443 Podcast - Episode 308

Sep 30, 2024 By WatchGuard In WatchGuard

This week on the podcast, we cover the "9.9/10 severity vulnerability affecting most Linux systems" that a researcher disclosed last week and what it means for Linux systems administrators. We then discuss a research post into Kia's remote control systems that allowed one researcher to compromise any Kia in the last decade by just knowing their license plate number. We end with a new act that was just introduced into the US Senate with a goal to secure the healthcare industry.

View Video

WatchGuard

Read more about The CUPS Vulnerability- The 443 Podcast - Episode 308

What We Know So Far About Zero-Day CUPS Vulnerabilities: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177

Sep 30, 2024 By Trustwave In Trustwave

On September 26, 2024, security researcher Simone Margaritellidisclosed the details of four OpenPrinting Common UNIX Printing System (CUPS) vulnerabilities, that, when chained together, can allow malicious actors to launch remote code execution (RCE) attacks on vulnerable systems. CUPS is a widely used, open-source printing system that supports Linux and other Unix-like operating systems. It also supports ChromeOS and macOS.

Read Post

Trustwave

Read more about What We Know So Far About Zero-Day CUPS Vulnerabilities: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177

Cursor AI: The VS Code Competitor

Sep 30, 2024 By Snyk In Snyk

Cursor AI is a new AI-powered code editor that some say could be the VS Code KILLER... In this video, we will be putting that to the test by exploring the AI tool's features as well as using it to help with our code in building a notes API and UI.

View Video