Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

cyphere

Penetration Testing vs Vulnerability Scanning

Jan 29, 2021 By Harman Singh In Cyphere

Vulnerability scans and penetration test are often used interchangeably. Unfortunately, it is the improper use that creates confusions, sometimes around security decisions too. This article shal help the reader with these terms: penetration testing vs vulnerability scanning, their project inputs, outputs, security health indicators and decision making factors.

Read Post
Snyk

Identify, prioritize, and fix vulnerabilities with Reachable Vulnerabilities for GitHub

Jan 28, 2021 By Brian Vermeer In Snyk

Imagine you are a Java programmer and that you just decided you want to use Snyk Open Source scanning to help you find security problems in your third party libraries. Good call! However, after connecting your repository to the Snyk Open Source scanner, you find out that you have ten or maybe even 50 vulnerabilities in the packages you depend on. The major question is: where do I start?

Read Post
sysdig

How to detect sudo's CVE-2021-3156 using Falco

Jan 28, 2021 By Stefano Chierici In Sysdig

A recent privilege escalation heap overflow vulnerability (CVSS 7.8), CVE-2021-3156, has been found in sudo. sudo is a powerful utility built in almost all Unix-like based OSes. This includes Linux distributions, like Ubuntu 20 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). This popular tool allows users to run commands with other user privileges.

Read Post
splunk

Detecting the Sudo Baron Samedit Vulnerability and Attack

Jan 28, 2021 By Ryan Kovar In Splunk

On January 26th, 2021, Qualys reported that many versions of SUDO (1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1) are vulnerable (CVE-2021-3156) to a buffer overflow attack dubbed Baron Samedit that can result in privilege escalations. Qualys was able to use this vulnerability to gain root on at least Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2), some of the most modern and widely used Linux operating systems.

Read Post

Vulnerability Assessment Using Datadog and Snyk

Jan 25, 2021 By Snyk In Snyk
Vulnerability assessment for teams can often be overwhelming. This joint Datadog and Snyk session demonstrates the new integration between the two companies, which enables developers to precisely identify and prioritize code-level security fixes in production applications. Using a sample Java application, you'll see how Snyk surfaces vulnerability information at runtime inside the Datadog UI to help users triage fixes by not just seeing that a vulnerability exists but also how often they are exposed.
View Video
synopsys

Demystifying CVSS Scoring

Jan 19, 2021 By Mike McGuire In Synopsys

The Common Vulnerability Scoring System (CVSS) can help you navigate the constantly growing ocean of open source vulnerabilities. But it’s difficult to lend your trust and put the security of your organization and your customers into the hands of a system that you may know very little about. Let’s take a closer look at the CVSS to see what it’s all about.

Read Post
cyberint

On Sale! Access to your Crown Jewels

Jan 18, 2021 By Neta Zeitak In Cyberint

Remote Desktop Protocol (RDP) is a communication protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection[1]. Once connected, the remote user will be able to communicate with the machine using their input devices, keyboard and mouse, and to have their screen displaying the output of their actions – as if they were physically connected. Simply put, gaining access to your crown jewels.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.