Vulnerability

Critical Authentication Bypass Vulnerability in Delinea Secret Server Disclosed Along With PoC

Apr 28, 2024 By Andres Ramos In Arctic Wolf

On April 12, 2024, Delinea issued an advisory to address a critical authentication bypass vulnerability identified in the SOAP API component of its Secret Server product, available in both Cloud and On-Premises solutions. A threat actor could exploit this vulnerability to bypass authentication, gain administrative access, and extract sensitive information.

Read Post

Arctic Wolf

Read more about Critical Authentication Bypass Vulnerability in Delinea Secret Server Disclosed Along With PoC

How to Analyze a Vulnerability from Snyk's Vulnerability Database - Snyk VulnDB

Apr 28, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about How to Analyze a Vulnerability from Snyk's Vulnerability Database - Snyk VulnDB

How threat intelligence can improve vulnerability management outcomes

Apr 27, 2024 By Chris Jacob, Global Vice President, Threat Intelligence Engineers In ThreatQuotient

It might surprise you to know that more than 70 new vulnerabilities are published every day. And despite their risk-reducing value in helping SOC teams address these, vulnerability management solutions have drawbacks. Often, they only provide a snapshot of an organization's vulnerabilities at a point in time. In fact, owing to their nature, vulnerabilities identified today may not exist tomorrow, or they may appear and disappear intermittently. This leaves security teams scrambling to understand not only what the risk is, but how it affects them and where they should start first with any remediation.

Read Post

ThreatQuotient

Read more about How threat intelligence can improve vulnerability management outcomes

How to use Snyk SBOM and Review Project Open Source Dependencies

Apr 27, 2024 By Snyk In Snyk

Watch the full video for more... ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.

View Video

Snyk

Read more about How to use Snyk SBOM and Review Project Open Source Dependencies

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche

Apr 26, 2024 By Andres Ramos In Arctic Wolf

On April 16, 2024, Ivanti disclosed two critical vulnerabilities within its Avalanche Mobile Device Management (MDM) solution. These vulnerabilities, identified as CVE-2024-29204 and CVE-2024-24996, are heap overflow issues in the WLInfoRailService and WLAvalancheService components, respectively. Both vulnerabilities have been assigned a CVSS score of 9.8, indicating their critical nature due to the potential for unauthenticated Remote Code Execution (RCE) in low-complexity attacks.

Read Post

Arctic Wolf

Read more about CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche

How Open Source Vulnerability Scanners Help with Remediation

Apr 26, 2024 By Snyk In Snyk

Watch full video for more... ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.

View Video

Snyk

Read more about How Open Source Vulnerability Scanners Help with Remediation

Hunting the XZ Backdoor (CVE-2024-3094) | Threat SnapShot

Apr 26, 2024 By SnapAttack In SnapAttack

Welcome back to another episode of SnapAttack's Threat SnapShot! I’m AJ King, the Director of Threat Research here at SnapAttack. In today’s episode, I dive into detecting the XZ Backdoor, CVE-2024-3094, a sophisticated supply chain attack that could have had a massive impact on many Linux distributions.

View Video

SnapAttack

Read more about Hunting the XZ Backdoor (CVE-2024-3094) | Threat SnapShot

Salt Security Addresses Critical OAuth Vulnerabilities Enhancing API Security with OAuth Protection Package

Apr 25, 2024 By Eric Schwake In Salt Security

OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. Following research released by Salt labs that uncovered critical vulnerabilities in the world's most popular authorization mechanism, Salt has released a multi-layered protection package to detect attempts to exploit OAuth and proactively fix the vulnerabilities.

Read Post

Salt Security

Read more about Salt Security Addresses Critical OAuth Vulnerabilities Enhancing API Security with OAuth Protection Package

Unmask Threats with Open Source Vulnerability Scanners

Apr 25, 2024 By Snyk In Snyk

Watch the full video for more... ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.

View Video

Snyk

Read more about Unmask Threats with Open Source Vulnerability Scanners

Palo Alto Global Protect Command Injection Vulnerability

Apr 25, 2024 By Hetram Yadav and Aseem Rastogi In Coralogix

On April 12, 2024, Palo Alto disclosed a critical vulnerability identified as CVE-2024-3400 in its PAN OS operating system, which carries the highest severity rating of 10.0 on the CVSS scale. This vulnerability, present in certain versions of Palo Alto Networks’ PAN-OS within the GlobalProtect feature, allows unauthenticated attackers to execute any code with root privileges on the firewall through command injection.

Read Post