Vulnerability

What Pandemic Responses Teach Us About Cybersecurity

Oct 19, 2021 By Anthony Israel-Davis In Tripwire

I’ve been working at Tripwire for over two decades, and I’ve acquired a fair bit of swag over those years: branded jackets, hats, shoes, a watch, and of course a drawer full of t-shirts. One thing I never would have predicted owning was a Tripwire-branded face mask to protect me from a global pandemic. Over the past year, I’ve worn that face mask more than any of my other swag. Of course, none of my other swag protected me and others from a highly contagious, deadly virus.

Read Post

Tripwire

Read more about What Pandemic Responses Teach Us About Cybersecurity

OWASP Top 10 in 2021: Insecure Design Practical Overview

Oct 18, 2021 By Application Security Series In ImmuniWeb

Insecure design is #4 in the current OWASP top Ten Most Critical Web Application Security Risks.

Read Post

ImmuniWeb

Read more about OWASP Top 10 in 2021: Insecure Design Practical Overview

OWASP Top 10 in 2021: Software and Data Integrity Failures Practical Overview

Oct 18, 2021 By Application Security Series In ImmuniWeb

Software and Data Integrity Failures is #8 in the current OWASP Top Ten Most Critical Web Application Security Risks.

Read Post

ImmuniWeb

Read more about OWASP Top 10 in 2021: Software and Data Integrity Failures Practical Overview

OWASP Top 10 in 2021: Server-Side Request Forgery (SSRF) Practical Overview

Oct 18, 2021 By Application Security Series In ImmuniWeb

Server-Side Request Forgery is #10 in the current OWASP Top Ten Most Critical Web Application Security Risks.

Read Post

ImmuniWeb

Read more about OWASP Top 10 in 2021: Server-Side Request Forgery (SSRF) Practical Overview

CyRC Vulnerability Advisory: SQL injection, path traversal leading to arbitrary file deletion and XSS in Nagios XI

Oct 13, 2021 By Scott Tolley In Synopsys

CVE-2021-33177, CVE-2021-33178, and CVE-2021-33179 are SQL injection, path traversal, and XSS vulnerabilities in the popular application, service, and network monitoring software Nagios XI.

Read Post

Synopsys

Read more about CyRC Vulnerability Advisory: SQL injection, path traversal leading to arbitrary file deletion and XSS in Nagios XI

An Introduction to the Snyk Team pricing plan

Oct 8, 2021 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about An Introduction to the Snyk Team pricing plan

WhiteSource Cure: Automated Remediation for Developers

Oct 7, 2021 By Cobi Tal In Mend

Keeping up with today’s rapidly evolving threat landscape is an ongoing battle for software development organizations, as many struggle to keep their assets and customers secure while keeping up with the competitive pace of software delivery.

Read Post

Mend

Read more about WhiteSource Cure: Automated Remediation for Developers

CIS Control 07: Continuous Vulnerability Management

Oct 6, 2021 By Tyler Reguly In Tripwire

When it comes to cybersecurity, vulnerability management is one of the older technologies that still play a critical role in securing our assets. It is often overlooked, disregarded, or considered only for checkbox compliance needs, but a proper vulnerability management program can play a critical role in avoiding a series data breach. CIS Control 07 provides the minimum requirements, table stakes if you will, for establishing a successful vulnerability management program.

Read Post

Tripwire

Read more about CIS Control 07: Continuous Vulnerability Management

23andMe's Yamale Python code injection, and properly sanitizing eval()

Oct 5, 2021 By Andrey Polkovneychenko and Shachar Menashe In JFrog

JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in Yamale, a popular schema validator for YAML that’s used by over 200 repositories. The issue has been assigned to CVE-2021-38305.

Read Post

JFrog

Read more about 23andMe's Yamale Python code injection, and properly sanitizing eval()

How to better secure user authentication protocols

Oct 4, 2021 By Devin Partida In AT&T Cybersecurity

In March 2021, cybersecurity researcher Le Xuan Tuyen discovered a security bug in Microsoft Exchange Server. The vulnerability, dubbed ProxyToken, lets attackers bypass the authentication process to access victims’ emails and configure their mailboxes.

Read Post