Vulnerability

Critical Vulnerabilities Discovered in Automated Tank Gauge Systems

Sep 24, 2024 By Pedro Umbelino In BitSight

Industrial Control Systems (ICS) have become a ubiquitous part of modern critical infrastructure. Automatic Tank Gauge (ATG) systems play a role in this infrastructure by monitoring and managing fuel storage tanks, such as those found in everyday gas stations. These systems ensure that fuel levels are accurately tracked, leaks are detected early, and inventory is managed efficiently.

Read Post

BitSight

Read more about Critical Vulnerabilities Discovered in Automated Tank Gauge Systems

CVE-2024-8190 - OS Command Injection in Ivanti CSA

Sep 24, 2024 By Pavithra Hanchagaiah In Indusface

A high severity OS command injection vulnerability, CVE-2024-8190, has been found in Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 518 and earlier. This flaw allows attackers with admin access to remotely execute malicious commands, potentially taking full control of the system. Ivanti has already released updates, but this command injection vulnerability is actively exploited in the wild, making immediate action critical.

Read Post

Indusface

Read more about CVE-2024-8190 - OS Command Injection in Ivanti CSA

How Security Debt Compounds Vulnerability Risk

Sep 24, 2024 By Corey Tomlinson In Nucleus

Organizations often find themselves caught in a perpetual cycle of identifying, prioritizing, and mitigating vulnerabilities that pose the most risk. Amid this ongoing battle, a significant challenge is often overlooked: security debt. Much like technical debt, security debt refers to the accumulation of unresolved vulnerabilities within an organization’s systems and software.

Read Post

Nucleus

Read more about How Security Debt Compounds Vulnerability Risk

Identifying Insecure C Code with Valgrind and Fixing with Snyk Code

Sep 24, 2024 By Liran Tal In Snyk

C and C++ remain foundational in critical software development. These languages power a wide array of systems, from embedded devices to high-performance applications in manufacturing, operational technology (OT), and the industrial market. Their efficiency, control over system resources, and performance make them indispensable for developers working on mission-critical projects.

Read Post

Snyk

Read more about Identifying Insecure C Code with Valgrind and Fixing with Snyk Code

Why is Vulnerability Management-as-a-Service Essential for Businesses?

Sep 24, 2024 By SafeAeon Inc. In SafeAeon

As cyber threats get smarter and more common, companies of all sizes need to make vulnerability management a top priority to keep their private data safe and their operations running smoothly. Traditional vulnerability management methods, which involve a lot of manual work and restricted visibility, aren't working well against the complicated problems that modern cyberattacks pose.

Read Post

SafeAeon

Read more about Why is Vulnerability Management-as-a-Service Essential for Businesses?

History of Vulnerability Management: Lessons from Past to Present

Sep 23, 2024 By SafeAeon Inc. In SafeAeon

Vulnerability management has been a key part of how companies protect their digital assets and has helped cybersecurity evolve. In the last few decades, vulnerability management has changed from simple patch management to complex, multi-layered plans meant to act upon cyber threats that are getting smarter all the time. In the early days of cybersecurity, people only took action after security was breached instead of trying to stop them.

Read Post

SafeAeon

Read more about History of Vulnerability Management: Lessons from Past to Present

In the Wild vs. Active Exploitation with Corey Bodzin

Sep 23, 2024 By LimaCharlie In LimaCharlie

Corey Bodzin, Chief Product Officer at GreyNoise, joined us for Defender Fridays to present his session, In the Wild vs. Active Exploitation.

View Video

LimaCharlie

Read more about In the Wild vs. Active Exploitation with Corey Bodzin

Exploiting AI Generated Code

Sep 23, 2024 By Snyk In Snyk

If you are using AI coding assistant tools, you need to be cautions when doing so, as these tools often generate code with vulnerabilities. In today's video we will be attempting to exploit two vulnerabilities that were found in AI generated code, as well as showing you how you can easily fix them.

View Video

Snyk

Read more about Exploiting AI Generated Code

4 Ways Ethical Hacking Services Helped Businesses Prevent Cyber Attacks

Sep 22, 2024 By SecuritySenses In SecuritySenses

As technology continues to advance at a rapid pace, so do the tactics of cybercriminals. For businesses of all sizes, the threat of a cyber attack is growing more and more concerning. Through the use of ethical hacking techniques, companies can identify vulnerabilities in their systems. They can also address them before malicious hackers exploit them. In this post, we will explore the ways ethical hacking services have become a valuable asset in the fight against cyber attacks.

Read Post

SecuritySenses

Read more about 4 Ways Ethical Hacking Services Helped Businesses Prevent Cyber Attacks

GitLab Patches Critical SAML Authentication Flaw: Protect Your Systems from Exploitation

Sep 20, 2024 By Foresiet In Foresiet

In today's fast-paced digital landscape, security vulnerabilities are constant concerns for organizations that rely on cloud-based services and distributed systems. Recently, GitLab addressed a critical security flaw that affected both its Community Edition (CE) and Enterprise Edition (EE). This flaw, tracked as CVE-2024-45409, has been categorized as a critical vulnerability with a CVSS score of 10.0, the highest possible score, signifying its severity.

Read Post