Vulnerability

Ultimate Guide to OWASP API Top 10

Jan 31, 2023 By John Iwuozor In Appknox

The OWASP API Top 10 is a list of common vulnerabilities found in APIs. OWASP created it as a resource for developers, testers, and security professionals to help them understand how to protect against API threats. Many people think that APIs are just another type of web application, but they're not; they have their own set of risks and challenges that need to be addressed. A simple API call can result in a data breach that could have lasting consequences for your business.

Read Post

Appknox

Read more about Ultimate Guide to OWASP API Top 10

CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library

Jan 31, 2023 By Synopsys Cybersecurity Research Center In Synopsys

Learn about CVE-2022-23846, a denial-of-service-vulnerability affecting GTP libraries found in Open5GS.

Read Post

Synopsys

Read more about CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library

ThreatSpike Red Disrupts Elite Cybersecurity Market with Revolutionary Offensive Cybersecurity Service for all Businesses

Jan 30, 2023 By ThreatSpike In ThreatSpike

Industry-first fixed price managed offensive security service aims to close the cybersecurity gap, strengthen customers' cyber defence posture, and reduce risk.

Read Post

ThreatSpike

Read more about ThreatSpike Red Disrupts Elite Cybersecurity Market with Revolutionary Offensive Cybersecurity Service for all Businesses

Using Python libraries for secure network communication

Jan 30, 2023 By Matt Jarvis In Snyk

Python is a popular and powerful programming language that is often used for building web applications, data analysis, and automation. One of the key challenges in such projects is ensuring the security of network communication, which can be vulnerable to various threats such as man-in-the-middle attacks and eavesdropping. Fortunately, Python offers a range of libraries for encrypting and securing network communication.

Read Post

Snyk

Read more about Using Python libraries for secure network communication

Advanced IntelliJ debugger features you're missing out on

Jan 30, 2023 By Liran Tal In Snyk

I recently finished writing my debugging book and a debugging course. And as a result, I frequently get asked about my favorite debugging features. Debugging is much more than the IDE debugger. In fact, only the first chapter in the book deals with that aspect. But when we think about debugging, tour mind gravitates to the IDE. However, there are still many nooks and crannies to discover inside these amazing tools. The core reason for this is simple — we never learned to debug.

Read Post

Snyk

Read more about Advanced IntelliJ debugger features you're missing out on

Adding security to Nuxt 3

Jan 27, 2023 By Jakub Andrzejewski In Snyk

Nuxt is an Intuitive Web Framework that allows you to build your next Vue.js application with confidence. It’s an open source framework under MIT license that makes web development simple and powerful. I highly recommend you check out the official website if you want to get started with it.

Read Post

Snyk

Read more about Adding security to Nuxt 3

Datadog on the Lifecycle of Threats and Vulnerabilities

Jan 27, 2023 By Datadog In Datadog

The security industry is full of complex terminology like threat, vulnerability, and mitigations. Definitions matter as we design processes that scale. At Datadog, the Security Research functions are focused on detection and response to specific types of threats and vulnerabilities. Workload vulnerabilities, cloud control plane vulnerabilities, and even cloud service provider vulnerabilities. Each security finding based on specific risk indicators needs to be addressed differently at Datadog and in our communications to the broader community.

View Video

Datadog

Read more about Datadog on the Lifecycle of Threats and Vulnerabilities

Cloud v/s Cloud Security - What to keep in Mind - Lalit Kumar

Jan 27, 2023 By Snyk In Snyk

A Day In the Life of a Cloud Security Leader - Lalit Kumar.

View Video

Snyk

Read more about Cloud v/s Cloud Security - What to keep in Mind - Lalit Kumar

Multiple Critical Vulnerabilities in VMware vRealize Log Insight

Jan 26, 2023 By Steven Campbell In Arctic Wolf

On Tuesday, January 24th, 2023, VMware disclosed two critical vulnerabilities in VMware vRealize Log Insight that could result in remote code execution (RCE). Although different vulnerability types, both vulnerabilities could allow an unauthenticated threat actor to inject files into the operating system of the vulnerable product which could result in RCE. Both vulnerabilities were responsibly disclosed to VMware and have not been actively exploited in campaigns.

Read Post

Arctic Wolf

Read more about Multiple Critical Vulnerabilities in VMware vRealize Log Insight

All the Proxy(Not)Shells

Jan 26, 2023 By Splunk Threat Research Team In Splunk

On September 28th it was disclosed by GTSC that there was a possible new zero day being abused in the wild beginning in early August. Although this campaign looked very similar to the previously abused vulnerability in Microsoft Exchange, dubbed ProxyShell at the time, comprising 3 CVEs (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207) that when combined enabled an adversary to gain remote access to an Exchange PowerShell session that may be abused.

Read Post