Vulnerability

Three Critical Vulnerabilities Impacting VMware Workspace ONE Assist Server CVE-2022-31685, CVE-2022-31686 and CVE-2022-31687

Nov 10, 2022 By Steven Campbell In Arctic Wolf

On Tuesday, November 8, 2022, VMware disclosed three critical-severity vulnerabilities impacting VMware Workspace ONE Assist Server versions 21.x and 22.x. If successfully exploited, the reported vulnerabilities could lead to a threat actor obtaining administrative access to the application without the need to authenticate.

Read Post

Arctic Wolf

Read more about Three Critical Vulnerabilities Impacting VMware Workspace ONE Assist Server CVE-2022-31685, CVE-2022-31686 and CVE-2022-31687

Using Sysdig Secure to Detect and Prioritize Mitigation of CVE 2022-3602 & CVE 2022-3786: OpenSSL 3.0.7

Nov 10, 2022 By Daniella Pontes In Sysdig

The awaited OpenSSL 3.0.7 patch was released on Nov. 1. The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786), which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7, which was released Nov. 1. The vulnerabilities fixed include two stack-based buffer overflows in the name constraint checking portion of X.509 certificate verification.

Read Post

Sysdig

Read more about Using Sysdig Secure to Detect and Prioritize Mitigation of CVE 2022-3602 & CVE 2022-3786: OpenSSL 3.0.7

Implementing TLS in Java

Nov 9, 2022 By Brian Vermeer In Snyk

TLS, or transport layer security, is a protocol used across the globe to encrypt and secure communication over the internet. In this article, we’ll discuss what TLS is, what benefits it provides, and why you need it. Then we’ll walk through implementing TLS in Java.

Read Post

Snyk

Read more about Implementing TLS in Java

How to Modernize Access Control for Cloud Applications with Or Weis

Nov 9, 2022 By Snyk In Snyk

Building Modern Access Control for Cloud Applications Join us in this livestream with Permit.io CEO Or Weis as we cover what it means to build modern access controls for cloud applications. Many companies these days find themselves having to reimplement access-controls over and over; therefore, in this episode we discuss solutions, the 5 best practices and open-source tools that can be used. Didn't catch the live stream? Ask all of your Snyk questions and we’ll do our very best to answer them in the comment section.

View Video

Snyk

Read more about How to Modernize Access Control for Cloud Applications with Or Weis

Introduction to Snyk's revamped reporting

Nov 9, 2022 By Snyk In Snyk

A short overview of Snyk's new and revamped reporting capabilities, providing the visibility needed to hold data-based conversations between development and security. Key new capabilities include the addition of Snyk Code data, improved user experience and performance, new filtering and data sorting, and new sharing options. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Introduction to Snyk's revamped reporting

CVE-2022-27510: Citrix Gateway and Citrix ADC Critical Authentication Bypass Vulnerability, along with CVE-2022-27513 & CVE-2022-27516

Nov 9, 2022 By Adrian Korn In Arctic Wolf

On November 8th, 2022, Citrix disclosed a critical authentication bypass (CVE-2022-27510), a remote desktop takeover (CVE-2022-27513), and a user login brute force protection functionality bypass (CVE-2022-27516) vulnerability affecting several versions of Citrix ADC and Citrix Gateway. This bulletin only applies to customer-managed Citrix ADC and Citrix Gateway appliances as Citrix-managed cloud services are not affected. A threat actor could leverage these vulnerabilities in specific circumstances.

Read Post

Arctic Wolf

Read more about CVE-2022-27510: Citrix Gateway and Citrix ADC Critical Authentication Bypass Vulnerability, along with CVE-2022-27513 & CVE-2022-27516

Six Actively Exploited Vulnerabilities Patched in Microsoft's November Security Update

Nov 9, 2022 By Steven Campbell In Arctic Wolf

On November 8, 2022, Microsoft published their November 2022 Security Update and patched six actively exploited vulnerabilities. The vulnerabilities impact Windows and Exchange Server.

Read Post

Arctic Wolf

Read more about Six Actively Exploited Vulnerabilities Patched in Microsoft's November Security Update

Denial Of Service vulnerabilities

Nov 9, 2022 By John Gates In CalCom

A denial of service attack is a type of network attack in which an attacker makes the system, machine, or network unavailable to the intended users. There are various types of DOS attacks, like, for instance, a user is trying to reach a webpage but the page redirects the user to another URL or even the user can’t reach its destination i.e. access is blocked. In this article we will discuss.

Read Post

CalCom

Read more about Denial Of Service vulnerabilities

SnykLaunch Fall 2022 Helps Companies Successfully Drive DevSecOps

Nov 8, 2022 By Snyk In Snyk

Snyk's Developer Security Platform Now Secures the Cloud from Code Through Runtime, Enhanced With New Supply Chain Security Capabilities.

Read Post

Snyk

Read more about SnykLaunch Fall 2022 Helps Companies Successfully Drive DevSecOps

JFrog's security scanners discovered thousands of publicly exposed API tokens - and they're active! The Full Report

Nov 8, 2022 By Andrey Polkovnychenko and Shachar Menashe In JFrog

Note: This report was previously published in InfoWorld When developing the recently announced JFrog Advanced Security, our Research team decided to try out its new “Secrets Detection” feature. Our goal was to test our vulnerability detection on as much real world data as possible, to make sure we eliminate false positives and catch any bugs in our code.

Read Post