%term

SSH Snake - Tanium Tech Talks #95

Jul 10, 2024 By Tanium In Tanium

In January of 2024 the #Linux / Unix world was rocked by a script that worms its way through insecure SSH connections to map your environment. A team of two Tanium SMEs built content that you need to find and map your exposure, giving you the information necessary to remediate your environment. But #Windows and #MacOS are not off the hook. SSH services on other platforms have the same exposure. Use this Tanium content to find the issue everywhere it is applicable.

View Video

Tanium

Read more about SSH Snake - Tanium Tech Talks #95

OpenSSH regreSSHion Vulnerability - The 443 Podcast - Episode 296

Jul 10, 2024 By WatchGuard In WatchGuard

This week on #the443podcast, Corey Nachreiner and Marc Laliberte cover OpenSSH's recent critical vulnerability and what it means for systems administrators. Before that, we discuss the CDK Global ransomware attack impacting car dealerships across the U.S., a Korean internet service provider delivering malware to their customers, and a takeover of a popular JavaScript library gone hostile.

View Video

WatchGuard

Read more about OpenSSH regreSSHion Vulnerability - The 443 Podcast - Episode 296

Quantifying the Probability of Flaws in Open Source

Jul 10, 2024 By Chris Eng In Veracode

Jay Jacobs and I recently delivered an RSA presentation called Quantifying the Probability of Flaws in Open Source. Since many people didn’t get a chance to see it, I thought I’d summarize some of the findings here for posterity. The question we investigated was simple, at least conceptually: what are the red flags of an open-source repository? Are there characteristics of a given open source library that would reliably indicate it was safer than others?

Read Post

Veracode

Read more about Quantifying the Probability of Flaws in Open Source

How Does a Browser Polyfill Work?

Jul 10, 2024 By Snyk In Snyk

Watch the full video for more... About Snyk Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure. Connect with Us Hashtags.

View Video

Snyk

Read more about How Does a Browser Polyfill Work?

Going beyond "shift left" to extend AppSec in all directions

Jul 9, 2024 By Ben Desjardins In Snyk

A week before RSA 2024, Forrester predicted which subjects and themes would come to the forefront of the conference. They emphasized that we’d see a focus on proactive security, defined as “a strategic approach to controlling security posture and reducing breaches through strong visibility, prioritization, and remediation.” I went into the conference with this prediction in mind. However, I was surprised by what I found.

Read Post

Snyk

Read more about Going beyond "shift left" to extend AppSec in all directions

Polyfill.io and Software Supply Chain Security: A Cautionary Tale

Jul 8, 2024 By Ansh Patnaik In CyCognito

Over 100,000 websites using a popular JavaScript service (polyfill.io) are now victims of a web supply chain attack. A web supply chain attack is a cyberattack is a type of software supply chain attack that targets a third-party web software component to gain access to an organization’s systems or data. These attacks can be difficult to prevent because they can be hard to detect, take advantage of trust, and have long-lasting effects.

Read Post

CyCognito

Read more about Polyfill.io and Software Supply Chain Security: A Cautionary Tale

OWASP Penetration Testing: Methodology, Kit, Checklist (Downloadable)

Jul 8, 2024 By Harman Singh In Cyphere

Software security is key to the online world’s survival. Collaborative efforts of cybersecurity professionals and volunteers have come together to create the OWASP web security testing guide. Malicious actors constantly threaten web applications, the backbone of many businesses. OWASP penetration testing is crucial for identifying and addressing these security vulnerabilities.

Read Post

Cyphere

Read more about OWASP Penetration Testing: Methodology, Kit, Checklist (Downloadable)

Uncovering the Polyfill.io Supply Chain Attack

Jul 8, 2024 By Snyk In Snyk

In this video, we will be uncovering how a sneaky supply chain attack on the JavaScript Polyfill.io service compromised websites across the globe, including big names like Intuit, Square, the U.S. government and more. Stay tuned to find out how the attack occurred and what you can do to prevent it!

View Video

Snyk

Read more about Uncovering the Polyfill.io Supply Chain Attack

CVE-2024-6387: New OpenSSH RegreSSHion Vulnerability Gives Hackers Root Access on Linux Servers - 700,000+ Linux Boxes Potentially at Risk

Jul 6, 2024 By Wallarm In Wallarm

Labeled as CVE-2024-6387, the recently discovered vulnerability in OpenSSH has become a serious cause for concern among Linux servers. OpenSSH is a collection of networking tools built on the Secure Shell (SSH) protocol. It is widely utilized to secure remote logins, manage and administer remote servers, and transfer files through SCP and SFTP. Nicknamed as the “RegreSSHion Bug”, Researchers at Qualys initially identified the vulnerability in May 2024.

Read Post

Wallarm

Read more about CVE-2024-6387: New OpenSSH RegreSSHion Vulnerability Gives Hackers Root Access on Linux Servers - 700,000+ Linux Boxes Potentially at Risk

Stored XSS & Insecure File Upload In Cervantes Alpha 0.5

Jul 5, 2024 By Aakanksha Khanna In Astra

Two vulnerabilities—stored XSS and insecure file upload— have been detected in the Alpha 0.5 version of CervantesSec. This article will outline what CervantesSec does, the vulnerabilities found, and its current status.

Read Post