Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

kroll

Two Zero-Day Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway

Jan 19, 2024 By George Glass In Kroll
Two vulnerabilities have been detected in in Citrix NetScaler ADC and NetScaler Gateway. These vulnerabilities are being tracked as CVE-2023-6549 and CVE-2023-6548 with CVSS scores of 8.2 and 5.5 respectively. They are under active exploitation, affecting the following product versions.
Read Post

How Jaguar Land Rover and Asda are Building a Modern DevSecOps Culture

Jan 19, 2024 By Snyk In Snyk
Organizations at different stages of growth or maturity will have different challenges when adopting a modern DevSecOps program. In this session we talked with Mike Welsh, Lead Enterprise Security Architect DevSecOps, at JLR, and Ruta Baltiejute, DevSecOps Lead at Asda, about their differing approach to implementing a secure development model at their organizations. We discussed the significant differences between how they’re building software today, including their approach to change in People, Process and Tooling.
View Video
appknox

How can OWASP MASTG and OWASP MASVS Redefine Your Mobile App Security?

Jan 19, 2024 By Harshit Agarwal In Appknox
The OWASP Mobile Application Security Testing Guide (MASTG) and the OWASP Mobile Application Security Verification Standard (MASVS) are two vital resources that have been instrumental in reshaping the landscape of mobile app security. Developed by cybersecurity experts, the MASTG is an elaborate manual that describes the technicalities for meeting the security requirements listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Read Post
appknox

Mobile Application Security - From Vulnerabilities to Vigilance

Jan 19, 2024 By Harshit Agarwal In Appknox
Your mobile apps are your business's face to the world. As an app creator or business owner, credibility is everything, and security is the cornerstone upon which it stands. Now, with the digital ecosystem being highly susceptible to breaches, even a single slip in security can shatter the trust your users have in your brand, tarnishing the hard-earned credibility of your business. This is why mobile app security is key to your business’s growth.
Read Post
appknox

A Comprehensive Guide on OWASP Top 10 2023 Compliance

Jan 19, 2024 By Harshit Agarwal In Appknox
In 2022, Twitter suffered a massive data breach, which exposed the personal data of 5.4 million caused by broken authentication. Threat actors exploited Twitter's API vulnerability to gain unauthorized access to users' sensitive personal data. The incident resulted in reputational loss and hefty fines from the regulatory body for failing to protect users' data. This shows that no organization, regardless of size, is immune to data breaches.
Read Post
armo

Are you looking for vulnerabilities in the right places?

Jan 18, 2024 By Ben Hirschberg In ARMO
With the rapid pace of technological evolution, ensuring security within the systems we operate and the software we deploy has never been more crucial. In the world of vulnerability management, we’ve moved from scanning Linux hosts to scrutinizing container images. However, are we looking for vulnerabilities in the right places?
Read Post
Snyk

Understanding and mitigating the Jinja2 XSS vulnerability (CVE-2024-22195)

Jan 18, 2024 By Calum Hutton In Snyk

On January 11th, 2024, a significant security vulnerability was disclosed in Jinja2, a widely used Python templating library. Identified as CVE-2024-22195, this cross-site scripting (XSS) vulnerability has raised concerns due to its impact on numerous projects. Jinja2 boasts over 33 million weekly downloads, nearly 10,000 GitHub stars, and over 90,000 dependent projects. The vulnerability affects all versions prior to 3.1.3, with the patched version 3.1.3 being the only safe option.

Read Post
Snyk

New Year's security resolutions for 2024 from Snyk DevRel, SecRel, and friends

Jan 18, 2024 By Micah Silverman In Snyk

Transforming what we learned in 2023 to new learning in 2024 will be an exciting and fulfilling journey. In 2023, we saw a huge surge in the use of AI, including cyberattacks utilizing AI and machine learning. We are also seeing an increased awareness in the need for application security posture management (ASPM). Snyk has also launched its own ASPM solution — Snyk AppRisk — designed to help AppSec teams implement, manage, and scale their security programs.

Read Post
Trustwave

Apache ActiveMQ Vulnerability Leads to Stealthy Godzilla Webshell

Jan 18, 2024 By Trustwave In Trustwave
Trustwave has observed a surge in attacks exploiting vulnerabilities in Apache ActiveMQ hosts. In certain cases, these host malicious Java Server Pages (JSP) web shells. The web shells are concealed within an unknown binary format and are designed to evade security and signature-based scanners. Notably, despite the binary's unknown file format, ActiveMQ's JSP engine continues to compile and execute the web shell.
Read Post
nucleus

Release Spotlight: Orca Connector

Jan 18, 2024 By Gil Azaria In Nucleus
Imagine navigating the vast, unpredictable ocean, where every wave and current brings a new challenge. This turbulent navigation experience mirrors the journey of companies navigating the complex world of cloud environments, filled with hidden dangers such as security vulnerabilities, misconfigurations, and compliance violations. In these deep digital seas, where threats lurk unseen, it’s crucial to have vigilance, a sophisticated understanding, and a guiding tool to illuminate the path ahead.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.