Your mobile apps are your business's face to the world. As an app creator or business owner, credibility is everything, and security is the cornerstone upon which it stands. Now, with the digital ecosystem being highly susceptible to breaches, even a single slip in security can shatter the trust your users have in your brand, tarnishing the hard-earned credibility of your business. This is why mobile app security is key to your business’s growth.

In 2022, Twitter suffered a massive data breach, which exposed the personal data of 5.4 million caused by broken authentication. Threat actors exploited Twitter's API vulnerability to gain unauthorized access to users' sensitive personal data. The incident resulted in reputational loss and hefty fines from the regulatory body for failing to protect users' data. This shows that no organization, regardless of size, is immune to data breaches.

With the rapid pace of technological evolution, ensuring security within the systems we operate and the software we deploy has never been more crucial. In the world of vulnerability management, we’ve moved from scanning Linux hosts to scrutinizing container images. However, are we looking for vulnerabilities in the right places?

On January 11th, 2024, a significant security vulnerability was disclosed in Jinja2, a widely used Python templating library. Identified as CVE-2024-22195, this cross-site scripting (XSS) vulnerability has raised concerns due to its impact on numerous projects. Jinja2 boasts over 33 million weekly downloads, nearly 10,000 GitHub stars, and over 90,000 dependent projects. The vulnerability affects all versions prior to 3.1.3, with the patched version 3.1.3 being the only safe option.

Transforming what we learned in 2023 to new learning in 2024 will be an exciting and fulfilling journey. In 2023, we saw a huge surge in the use of AI, including cyberattacks utilizing AI and machine learning. We are also seeing an increased awareness in the need for application security posture management (ASPM). Snyk has also launched its own ASPM solution — Snyk AppRisk — designed to help AppSec teams implement, manage, and scale their security programs.

Trustwave has observed a surge in attacks exploiting vulnerabilities in Apache ActiveMQ hosts. In certain cases, these host malicious Java Server Pages (JSP) web shells. The web shells are concealed within an unknown binary format and are designed to evade security and signature-based scanners. Notably, despite the binary's unknown file format, ActiveMQ's JSP engine continues to compile and execute the web shell.

Imagine navigating the vast, unpredictable ocean, where every wave and current brings a new challenge. This turbulent navigation experience mirrors the journey of companies navigating the complex world of cloud environments, filled with hidden dangers such as security vulnerabilities, misconfigurations, and compliance violations. In these deep digital seas, where threats lurk unseen, it’s crucial to have vigilance, a sophisticated understanding, and a guiding tool to illuminate the path ahead.

The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library – CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities.

In the rapidly evolving cybersecurity landscape, organizations face an ever-increasing barrage of threats. Traditional vulnerability management, while foundational, often falls short in proactively and continuously identifying and mitigating threats. This necessitates a paradigm shift towards Continuous Threat Exposure Management (CTEM), a more dynamic approach that aligns with the complexities of today’s digital environments.

XML-RPC is a powerful and versatile protocol in the ever-evolving web development and data communication landscape. XML-RPC, which stands for Extensible Markup Language – Remote Procedure Call, provides a standardized way for software applications to communicate over the Internet. XML-RPC for PHP is affected by a remote code-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the webserver context.