Vulnerability

Is your team on the security naughty or nice list?

Dec 20, 2023 By Mariah Gresham In Snyk

As kids, many of us felt anticipation, excitement, and maybe even nervousness during the holiday season. Had we been good enough to get the Gameboy, Barbie Dream House, or Etch a Sketch we’d been pining for, or were we just going to get a big ol’ lump of coal?

Read Post

Snyk

Read more about Is your team on the *security* naughty or nice list?

Release Spotlight: Qualys PCS

Dec 20, 2023 By Gil Azaria In Nucleus

In the culinary world, the adage “too many cooks spoil the broth” warns of the chaos and disarray that can arise from too many opinions and actions in the kitchen. However, this concept takes an intriguing twist in the realm of cybersecurity.

Read Post

Nucleus

Read more about Release Spotlight: Qualys PCS

How to Operationalize Vulnerability Threat Intelligence

Dec 20, 2023 By Nucleus In Nucleus

With so many vulnerabilities to address and potential threats looming, how can organizations prioritize and respond effectively? Enter Vulnerability Threat Intelligence (VTI). This knowledge not only aids in pinpointing vulnerabilities but also shapes strategies for risk acceptance and rapid responses to zero-day threats. Join our webinar where Patrick Garrity from Nucleus Security, Caleb Hoch from Google, and Jared Semrau from Mandiant, uncover how to effectively leverage vulnerability threat intelligence (VTI).

View Video

Nucleus

Read more about How to Operationalize Vulnerability Threat Intelligence

Under the hood of CVE patching

Dec 19, 2023 By Oshrat Nir In ARMO

Addressing Common Vulnerabilities and Exposures, known as CVE patching, is a practice of applying updates to software (patching) to address security vulnerabilities. CVE patching is your shield against the threat of malicious actors exploiting such weaknesses and is of crucial importance for every organization’s cybersecurity. This post will cover the basics of CVE patching: the roles and stakeholders, the step-by-step process, and common mistakes to avoid.

Read Post

ARMO

Read more about Under the hood of CVE patching

Microsoft Copilot Studio Vulnerabilities: Explained

Dec 19, 2023 By Andrew Silberman In Zenity

Last week, Michael Bargury and the team at Zenity published a video summarizing 6 vulnerabilities that are found in Microsoft Copilot Studio. The video highlights, in sequence, a myriad of ways that business users can create their own AI Copilots that are risky, why they are risky, and how they can be easily exploited. While I highly recommend checking out the video, this blog sets out to provide a look at why these vulnerabilities matter, and what considerations should be taken to mitigate them.

Read Post

Zenity

Read more about Microsoft Copilot Studio Vulnerabilities: Explained

The best Cybersecurity conference you never heard of

Dec 19, 2023 By Theresa Lanowitz In AT&T Cybersecurity

For the past 12 years in Austin, TX, the last week of October has been reserved for the Lonestar Application Security Conference (LASCON). Unequivocally, LASCON is the best cybersecurity conference you have never heard of! LASCON is the annual confab of the Austin, TX OWASP (the Open Worldwide Application Security Project) chapter. OWASP is a volunteer organization that is a treasure trove of application security information with things such as standards, discussion groups, documentation, and more.

Read Post

AT&T Cybersecurity

Read more about The best Cybersecurity conference you never heard of

Vulnerability disclosure: Which comes first, the security bug in PHP or the CVE?

Dec 19, 2023 By Liran Tal In Snyk

For security researchers, there is a series of hurdles in raising a potential vulnerability well before the issue itself is widely recognized. Convincing the project maintainers that there is an issue becomes the first hurdle, even with a working example. At times, there is a thin and fuzzy line to a vulnerable path being identified as a bug rather than a security vulnerability.

Read Post

Snyk

Read more about Vulnerability disclosure: Which comes first, the security bug in PHP or the CVE?

Common SAML vulnerabilities and how to remediate them

Dec 19, 2023 By Sam Sanoop In Snyk

Security Assertion Markup Language (SAML) is an XML-based framework that plays a pivotal role in enabling secure identity and access management. It acts as a trusted intermediary between various entities in a digital ecosystem, such as identity providers, service providers, and users. The primary purpose of SAML is to facilitate single sign-on (SSO), a seamless and efficient authentication process where a user can access multiple applications and services using a single set of credentials.

Read Post

Snyk

Read more about Common SAML vulnerabilities and how to remediate them

MOVEit Claims 7 Million More; Patients of Delta Dental of California and Others

Dec 19, 2023 By Steven In IDStrong

Delta Dental of California (DDC), Delta Dental Insurance Company, Delta Dental of Pennsylvania, and other subsidiaries may have exposed data; the compromised data is not a product of the organizations. Instead, the breach stems from a third-party servicer specializing in file management and transferring tools—MOVEit.

Read Post

IDStrong

Read more about MOVEit Claims 7 Million More; Patients of Delta Dental of California and Others

CVE-2023-50164: Public PoC Leveraged to Exploit Critical RCE Vulnerability in Apache Struts

Dec 18, 2023 By Andres Ramos In Arctic Wolf

On December 13, 2023, threat actors began exploitation attempts against CVE-2023-50164, a critical-severity remote code execution (RCE) vulnerability impacting Apache Struts, an open-source framework used to create Java Web applications. Based on current intelligence, the threat actors are leveraging a publicly published proof of concept (PoC) exploit.

Read Post