Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

Arctic Wolf

How Zero-Days Work And Why They Aren't Going Away Anytime Soon

Sep 1, 2022 By Dan Schiappa In Arctic Wolf
Few security exploits are the source of more sleepless nights for security professionals than zero-day attacks. Just over Memorial Day weekend, researchers discovered a new vulnerability enabling hackers to achieve remote code execution within Microsoft Office. Dubbing the evolving threat the Follina exploit, researchers say all versions of Office are at risk.
Read Post
Trustwave

Squiz Matrix CMS Authenticated Privilege Escalation through IDOR

Aug 31, 2022 By Trustwave In Trustwave

During a recent engagement, Trustwave SpiderLabs discovered an Indirect Object Reference (IDOR) vulnerability within Squiz Matrix CMS which would allow any low privileged user to change the contact details of any other user on a Squiz Matrix instance (including administrators). An attacker exploiting the vulnerability could change an administrator’s email address to an attacker-controlled email address after which the attacker could reset the administrator’s password.

Read Post
Snyk

Best practices for containerizing .net applications

Aug 31, 2022 By Marcelo Oliveira In Snyk

Containerization with Docker has become a major trend in web application development that many.NET developers have adopted. There are many compelling advantages for developers and DevOps engineers to containerize.NET applications, even when working with the older.NET Framework 4.x versions. However, if we don’t know how to use containers properly, we’ll experience little benefit from them.

Read Post
Snyk

How to build a Slack bot with Zapier and JavaScript to fetch trending topics on Reddit

Aug 30, 2022 By Liran Tal In Snyk

Reddit is a good place to stay in the loop when it comes to web development news, and if you’re like me, you probably follow subreddits like r/node or r/javascript. I recently found a great way to build a Zapier Reddit integration with just my JavaScript knowledge — so I can share those trending Reddit posts in my team’s channel. In this article you’ll learn.

Read Post

How Malicious NPM Packages Make Your Apps Vulnerable

Aug 30, 2022 By Snyk In Snyk
During this live stream we had a conversation with Zbyszek Tenerowicz (ZB) where he discuss how we can be susceptible to malicious packages as developers. Didn't catch the live stream? Ask all of your Snyk questions, and we’ll do our very best to answer them in the comment section. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
View Video
jfrog

CVE-2021-38297 - Analysis of a Go Web Assembly vulnerability

Aug 30, 2022 By Uriya Yavnieli In JFrog

The JFrog Security Research team continuously monitors reported vulnerabilities in open-source software (OSS) to help our customers and the wider community be aware of potential software supply chain security threats and their impact. In doing so, we often notice important trends and key learnings worth highlighting.

Read Post
coralogix

Exploit vs. Vulnerability: What Is the Difference?

Aug 30, 2022 By Chris Cooney In Coralogix

Whenever engineers discover a new security issue, the question arises every time: is this an exploit or vulnerability? What is a software vulnerability? How does it differ from an exploit? A vulnerability is a gap in the armor or weakness that allows people to enter. The exploit is the mechanism that someone uses to get in. For example, a door with a fragile lock has a vulnerability. The exploit uses the keys, hammer, or lockpick to break the lock.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.