Vulnerability

Xfinity Writhes; 36 Million Records Breached via Vendor Vulnerability

Dec 22, 2023 By Steven In IDStrong

Xfinity is the name of Comcast Communications’ internet, TV, and phone service; it is the most significant cabled internet service in the states, with more than 32 million residential customers. Available in 39 contiguous states and the capital, the service provides communication solutions for individuals, companies, institutions, and clinical networks. Xfinity’s vast influence has made them a target for cybercriminals.

Read Post

IDStrong

Read more about Xfinity Writhes; 36 Million Records Breached via Vendor Vulnerability

Apache Struts 2 Vulnerability CVE-2023-50164 Exposed

Dec 21, 2023 By Mohammed Ansari In Indusface

On December 7th, 2023, the Apache Struts project disclosed a significant vulnerability, CVE-2023-50164, in its Struts 2 open-source web framework. Rated at a critical CVSS score of 9.8, this flaw resides within the framework’s file upload logic. Exploiting this vulnerability empowers attackers to manipulate upload parameters, potentially leading to arbitrary file upload and, under specific conditions, code execution.

Read Post

Indusface

Read more about Apache Struts 2 Vulnerability CVE-2023-50164 Exposed

Vulnerability Remediation for Servers: Beyond Just Patching

Dec 21, 2023 By John Gates In CalCom

To understand vulnerability remediation one must first understand remediation in cyber. Remediation refers to the process of addressing and resolving security vulnerabilities or incidents that could potentially pose a threat to an organization’s information systems, data, or network.

Read Post

CalCom

Read more about Vulnerability Remediation for Servers: Beyond Just Patching

Command injection in Python: examples and prevention

Dec 21, 2023 By Rubaiat Hossain In Snyk

Despite Python's reputation for simplicity and versatility, ensuring the security of Python programs can be challenging if you or other team members neglect security best practices during development. Additionally, you’ll likely use libraries or other open source projects while building a Python application. However, these resources can introduce additional security issues that leave your program vulnerable to exploits such as command injection.

Read Post

Snyk

Read more about Command injection in Python: examples and prevention

Is your team on the security naughty or nice list?

Dec 20, 2023 By Mariah Gresham In Snyk

As kids, many of us felt anticipation, excitement, and maybe even nervousness during the holiday season. Had we been good enough to get the Gameboy, Barbie Dream House, or Etch a Sketch we’d been pining for, or were we just going to get a big ol’ lump of coal?

Read Post

Snyk

Read more about Is your team on the *security* naughty or nice list?

Release Spotlight: Qualys PCS

Dec 20, 2023 By Gil Azaria In Nucleus

In the culinary world, the adage “too many cooks spoil the broth” warns of the chaos and disarray that can arise from too many opinions and actions in the kitchen. However, this concept takes an intriguing twist in the realm of cybersecurity.

Read Post

Nucleus

Read more about Release Spotlight: Qualys PCS

How to Operationalize Vulnerability Threat Intelligence

Dec 20, 2023 By Nucleus In Nucleus

With so many vulnerabilities to address and potential threats looming, how can organizations prioritize and respond effectively? Enter Vulnerability Threat Intelligence (VTI). This knowledge not only aids in pinpointing vulnerabilities but also shapes strategies for risk acceptance and rapid responses to zero-day threats. Join our webinar where Patrick Garrity from Nucleus Security, Caleb Hoch from Google, and Jared Semrau from Mandiant, uncover how to effectively leverage vulnerability threat intelligence (VTI).

View Video

Nucleus

Read more about How to Operationalize Vulnerability Threat Intelligence

Under the hood of CVE patching

Dec 19, 2023 By Oshrat Nir In ARMO

Addressing Common Vulnerabilities and Exposures, known as CVE patching, is a practice of applying updates to software (patching) to address security vulnerabilities. CVE patching is your shield against the threat of malicious actors exploiting such weaknesses and is of crucial importance for every organization’s cybersecurity. This post will cover the basics of CVE patching: the roles and stakeholders, the step-by-step process, and common mistakes to avoid.

Read Post

ARMO

Read more about Under the hood of CVE patching

Microsoft Copilot Studio Vulnerabilities: Explained

Dec 19, 2023 By Andrew Silberman In Zenity

Last week, Michael Bargury and the team at Zenity published a video summarizing 6 vulnerabilities that are found in Microsoft Copilot Studio. The video highlights, in sequence, a myriad of ways that business users can create their own AI Copilots that are risky, why they are risky, and how they can be easily exploited. While I highly recommend checking out the video, this blog sets out to provide a look at why these vulnerabilities matter, and what considerations should be taken to mitigate them.

Read Post

Zenity

Read more about Microsoft Copilot Studio Vulnerabilities: Explained

The best Cybersecurity conference you never heard of

Dec 19, 2023 By Theresa Lanowitz In AT&T Cybersecurity

For the past 12 years in Austin, TX, the last week of October has been reserved for the Lonestar Application Security Conference (LASCON). Unequivocally, LASCON is the best cybersecurity conference you have never heard of! LASCON is the annual confab of the Austin, TX OWASP (the Open Worldwide Application Security Project) chapter. OWASP is a volunteer organization that is a treasure trove of application security information with things such as standards, discussion groups, documentation, and more.

Read Post