Vulnerability

Urgent: 5 CVEs being exploited right now by SVR

Apr 20, 2021 By Edward Kost In UpGuard

The mastermind that orchestrated the SolarWinds attack may finally have a name. On Thursday, April 15th, the White House officially announced that the Russian Foreign Intelligence Service (SVR) - also known as APT 29, Cozy Bear, and The Dukes - was responsible for the campaign that exploited the SolarWinds Orion platform. But the attacks are not over yet. A joint advisory from the U.S.

Read Post

UpGuard

Read more about Urgent: 5 CVEs being exploited right now by SVR

4 ways Security and DevOps can collaborate to reduce application vulnerabilities

Apr 19, 2021 By Simon Roe In Outpost 24

Today's organisations are operating in a digital landscape filled with complexities and vulnerabilities. Increasingly, the applications and technologies businesses use to facilitate crucial business operations and connect people are at the mercy of cybercriminals - who are eager to attack from the shadows exploiting and stealing sensitive information held within these everyday applications. As such, security and DevOps teams need a collaborative approach to address and triage application vulnerabilities that continually present themselves - despite each team having different overall objectives.

Read Post

Outpost 24

Read more about 4 ways Security and DevOps can collaborate to reduce application vulnerabilities

Code Dx 5.3 integrates with Snyk for comprehensive vulnerability management

Apr 19, 2021 By Utsav Sanghani In Snyk

The Code Dx team is pleased to announce the general availability (GA) of Code Dx 5.3, which notably features an integration with Snyk to help customers integrate open source and container security into their continuous development processes. As we move toward a cloud native world, we’re working to ensure that developer-first tooling, secure cloud infrastructure, container security, and open source tools are fully integrated into Code Dx 5.3.

Read Post

Snyk

Read more about Code Dx 5.3 integrates with Snyk for comprehensive vulnerability management

OWASP Top 10: Insecure Deserialization Security Vulnerability Practical Overview

Apr 19, 2021 By Application Security Series In ImmuniWeb

Insecure Deserialization is #8 in the current OWASP Top Ten Most Critical Web Application Security Risks. It is difficult to exploit, but successful attacks can lead to remote code execution.

Read Post

ImmuniWeb

Read more about OWASP Top 10: Insecure Deserialization Security Vulnerability Practical Overview

Cybersecurity sketchnotes with Gavin Ashton: Evolution of the attack surface

Apr 19, 2021 By Netwrix In Netwrix

Watch the first episode of our new video series with cybersecurity expert Gavin Ashton. In this video Gavin covers the evolution of the attack surface and explains how to mitigate vulnerabilities.

View Video

Netwrix

Read more about Cybersecurity sketchnotes with Gavin Ashton: Evolution of the attack surface

Mitigating CVE-2021-20291: DoS affecting CRI-O and Podman

Apr 16, 2021 By Stefano Chierici In Sysdig

The CVE-2021-20291 medium-level vulnerability has been found in containers/storage Go library, leading to Denial of Service (DoS) when vulnerable container engines pull an injected image from a registry. The container engines affected are: Any containerized infrastructure that relies on these vulnerable container engines are affected as well, including Kubernetes and OpenShift.

Read Post

Sysdig

Read more about Mitigating CVE-2021-20291: DoS affecting CRI-O and Podman

How often should you perform vulnerability scanning? Best practices shared

Apr 15, 2021 By Editor In Cyphere

To understand how often vulnerability scanning should be performed, it’s important to delve into the drivers behind this objective. Vulnerability management includes the treatment of risks identified during the vulnerability assessments. This is a vital element of the risk management regime for any organisation. Without making informed choices around risk appetite, an organisation may not get the best out of a vulnerability management programme.

Read Post

Cyphere

Read more about How often should you perform vulnerability scanning? Best practices shared

Debunking the web application attack surface for Credit Unions

Apr 14, 2021 By Nicolas Renard and Stephane Konarkowski In Outpost 24

Financial services are big targets for cybercrime. As the world shifts from physical to online, credit unions are doubling down on web applications to improve access and ensure vital financial services for their members. But with that comes greater security risks. In this benchmark study, we analyze the Top US Credit Unions with our attack surface analysis tool to highlight security weaknesses they should watch out for.

Read Post

Outpost 24

Read more about Debunking the web application attack surface for Credit Unions

OWASP Top 10 API security vulnerabilities | API security risks

Apr 13, 2021 By Cyphere In Cyphere

OWASP API security top 10 is an API security project that focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). Through community-led projects globally, it is a great source for tools, resources, education & training for developers and technologists to secure the web and mobile applications. This community has also produced some of the best testing guides, cheat sheets, methodologies and a lot of community work for which all of us are grateful.

View Video

Cyphere

Read more about OWASP Top 10 API security vulnerabilities | API security risks

Bits of Security, Snyk.io: Stranger Danger: Finding Security Vulnerabilities Before They Find You!

Apr 13, 2021 By Datadog In Datadog

Open source modules on the NPM ecosystem are undoubtedly awesome. However, they also represent an undeniable and massive risk, since you’re introducing someone else’s code into your system, often with little or no scrutiny. The wrong package can introduce critical vulnerabilities into your application, exposing your application and your user's data. This talk will use a sample application, Goof, which uses various vulnerable dependencies, which we will exploit as an attacker would. For each issue, we'll explain why it happened, show its impact, and—most importantly—learn how to avoid or fix it.

View Video