Vulnerability

Critical Vulnerabilities in ConnectWise ScreenConnect Patched

Feb 20, 2024 By Andres Ramos In Arctic Wolf

On February 19, 2024, ConnectWise published a security bulletin detailing two critical vulnerabilities within their on-premises ScreenConnect software. At the time of writing, these vulnerabilities do not have CVE numbers assigned to them. ConnectWise has stated that the vulnerabilities have the potential to result in remote code execution (RCE). Vulnerability #1 (CVSS: 10): Allows a threat actor to achieve authentication bypass by leveraging an alternate path/channel.

Read Post

Arctic Wolf

Read more about Critical Vulnerabilities in ConnectWise ScreenConnect Patched

Preventing SQL injection attacks in Node.js

Feb 20, 2024 By Lucien Chemaly In Snyk

As reliance on software systems continues to grow, so does the emergence of numerous security threats. One notable threat for developers, especially those working with Node.js, is SQL injection. SQL injection is a malicious attack where nefarious SQL code is injected into a system, exposing sensitive information, corrupting or deleting data, and sometimes, granting unauthorized access to attackers.

Read Post

Snyk

Read more about Preventing SQL injection attacks in Node.js

Cross-site scripting attacks in action and how to protect against them

Feb 19, 2024 By Agon Hysenaj In Outpost 24

Cross-Site Scripting (XSS) attacks pose a significant security threat by infiltrating an application’s input fields with malicious code snippets. When users access the affected pages, this code is executed in their browsers, putting their sensitive information at risk. The malicious content injected into the web browser can take various forms, including JavaScript, HTML, Flash, or any other executable code.

Read Post

Outpost 24

Read more about Cross-site scripting attacks in action and how to protect against them

What is OWASP penetration testing?

Feb 16, 2024 By The Redscan Team In Redscan

OWASP pen testing is the assessment of web applications to identify vulnerabilities outlined in the OWASP Top Ten. An OWASP pen test is designed to identify, safely exploit and help address these vulnerabilities so that risks can be mitigated before they are exploited by adversaries.

Read Post

Redscan

Read more about What is OWASP penetration testing?

Bleeding Credit Unions Dry: The Story of Sloppy and Broken Operations

Feb 16, 2024 By CISO Global In CISO Global

How vulnerable are credit unions, the bedrock of community finance, to rapidly advancing cyber threats? Very. Join CISO Global's Chris Clements, Tigran Safari, James Montagne, and special guest Iwona Karpeta as they discuss recent attacks against credit unions, how they responded, and how their customers were impacted. Speakers: Chris Clements is the VP of Solutions Architecture for CISO Global. Chris has spent more than two decades working in the information security field and has a wide range of experience, including business management, sales, product, and service delivery.

View Video

CISO Global

Read more about Bleeding Credit Unions Dry: The Story of Sloppy and Broken Operations

Threat Context Monthly: Executive intelligence briefing for February 2024

Feb 16, 2024 By KrakenLabs In Outpost 24

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news, and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team.

Read Post

Outpost 24

Read more about Threat Context Monthly: Executive intelligence briefing for February 2024

SnapAttack ThreatLabs: How to Detect CVE-2023-46214

Feb 16, 2024 By Trenton Tait In SnapAttack

CVE-2023-46214 is identified as a Remote Code Execution (RCE) vulnerability within Splunk Enterprise, as reported in the Splunk security advisory SVD-2023-1104 on November 16, 2023. Successful exploitation of this vulnerability would give an attacker code execution on the target server. This can lead to exfiltration of sensitive information, persistence, lateral movement, destruction or impairment of the server, or many other malicious activities.

Read Post

SnapAttack

Read more about SnapAttack ThreatLabs: How to Detect CVE-2023-46214

Click with Caution: The Moniker Link Vulnerability (CVE-2024-21413) Exposed | Threat Snapshot

Feb 16, 2024 By SnapAttack In SnapAttack

Did you catch the Moniker Link vulnerability from Microsoft's recent "Patch Tuesday"? It's not often that a 9.8 CVSS remote code execution flaw is identified in one of Microsoft's products. But does it live up to the hype? Tracked as CVE-2024-21413, this security flaw could lead to NTLM credential theft and potentially allow remote code execution through manipulated hyperlinks in Microsoft Outlook.

View Video

SnapAttack

Read more about Click with Caution: The Moniker Link Vulnerability (CVE-2024-21413) Exposed | Threat Snapshot

National Cyber Security Centre (NCSC) Vulnerability Management Guidance Checklist

Feb 15, 2024 By Kevin Swartz In Nucleus

As of February 12, 2024, the National Cyber Security Centre (NCSC) has released Version 2.0 of its vulnerability management guidance. This update provides organizations with the latest strategies and practices to identify, assess, and manage cybersecurity vulnerabilities effectively. The NCSC’s updated guidance on vulnerability management outlines the importance of proactively managing vulnerabilities to secure technical estates.

Read Post

Nucleus

Read more about National Cyber Security Centre (NCSC) Vulnerability Management Guidance Checklist

Cryptographic failures | OWASP TOP 10

Feb 15, 2024 By VISTA InfoSec In VISTA InfoSec

In this video, we'll delve into the world of cryptography and explore the ever-evolving landscape of cryptographic failures. We'll start by examining the shift in the OWASP Top 10 from "Sensitive Data Exposure" (A03:2017) to "Cryptographic Failures" (A02:2021), highlighting the growing importance of proper cryptographic implementation in securing sensitive data.

View Video