On December 20, 2023, NIST updated a CVE to reflect a new path traversal vulnerability in struts-core. This is CVE-2023-50164, also listed on the Snyk Vulnerability database, with 9.8 critical severity CVSS. If you’ve been doing cybersecurity long enough, you remember the 2017 Equifax breach, which also took place due to an unpatched Struts vulnerability. In this post, I outline the issue, discuss its severity, walk you through a proof-of-concept exploit, and provide remediation advice.
Recently, Snyk hosted a wine tasting & customer discussion featuring David Imhoff, Product Security Leader at Kroger. The discussion focused on tackling the challenges of securing digital supply chains. Kroger is a retail giant with 2,700 stores and 400,000 employees. The organization faces unique challenges because it operates on such a massive scale, adding complexity to its software supply chain and security.
Googling your organization’s name will bring up all sorts of information. However, there’s more to the internet than the surface web that’s accessed through regular search engines: the deep web and the dark web. To stay ahead of potential threats and maximize incident response performance, security teams need a complete view of their organization’s presence across all areas of the internet.
Coming into 2023, we predicted that the economic downturn would fuel sophisticated fraud, the growth of serverless workloads will increase the attack surface, and there would be more MFA bombing attacks. As we look to 2024, Outpost24’s team of security experts have predicted the emerging threats that will shape the cybersecurity landscape. Dark AI tools, and a shift in security priorities are some of the challenges that organizations will face.
How vulnerable are credit unions, the bedrock of community finance, to rapidly advancing cyber threats? CISO Global understands that credit unions’ member-owned and not-for-profit structure allows their banking counterparts to outpace them in allocating resources for cyber defenses. While credit unions are deeply committed to protecting member data, their budgetary constraints might limit their ability to invest in the most advanced cybersecurity technologies and staff.
An open redirect vulnerability occurs when a website allows user-supplied input to influence the destination of a redirect without implementing proper validation or sanitization measures. To exploit this vulnerability, an attacker may send users a seemingly trustworthy link, which, when clicked, redirects them to a harmful website, potentially leading to phishing attacks or other malicious activities.
Common cybersecurity vulnerabilities that cybercriminals can exploit include weak credentials, lack of data encryption, misconfigurations, out-of-date software and zero days. These vulnerabilities often lead to cyber attacks that bypass an organization’s security measures and steal confidential data. Organizations need to identify and mitigate these vulnerabilities to prevent security breaches.
