Vulnerability

Introducing Snyk AppRisk Essentials

Dec 12, 2023 By Snyk In Snyk

Snyk AppRisk Essentials is Snyk’s first ASPM offering, designed to help AppSec teams boost their Snyk-based developer security program. The solution helps Snyk customers automatically discover the different assets used to build their applications, manage coverage to ensure these assets are being secured properly by Snyk, and better prioritize issues based on the risk they pose to the business.

View Video

Snyk

Read more about Introducing Snyk AppRisk Essentials

ISO/IEC 27001 compliance guide for CISOs and IT Managers

Dec 11, 2023 By Outpost 24 In Outpost 24

Building trust with customers often starts by demonstrating the right security controls. In the digital age, data security is paramount, and adherence to standards like ISO/IEC 27001, PCI DSS, and SOC 2 has become a key differentiator in the competitive market landscape.

Read Post

Outpost 24

Read more about ISO/IEC 27001 compliance guide for CISOs and IT Managers

Snyk recognized as an Emerging Segment Leader in Application Security in Snowflake's Next Generation of Cybersecurity Applications report

Dec 11, 2023 By LaToya Muff In Snyk

We are thrilled to announce that Snyk has been acknowledged as a key player in the evolving landscape of application security. The recent release of Snowflake's Next Generation of Cybersecurity Applications report has designated Snyk as an Emerging Segment Leader in Application Security, highlighting our commitment to innovation and excellence in the field.

Read Post

Snyk

Read more about Snyk recognized as an Emerging Segment Leader in Application Security in Snowflake's Next Generation of Cybersecurity Applications report

CVE-2023-36553: Critical OS Command Injection Vulnerability in FortiSIEM

Dec 11, 2023 By Andres Ramos In Arctic Wolf

On November 14, 2023, FortiGuard published an advisory disclosing that a critical command injection vulnerability (CVE-2023-36553) had been patched in the latest updates for FortiSIEM. The vulnerability was rated with a Common Vulnerability Scoring System (CVSS) score of 9.3, as it can be exploited remotely by an unauthenticated threat actor using crafted API requests to execute unauthorized commands. This vulnerability is caused by improper neutralization of special elements in FortiSIEM report server.

Read Post

Arctic Wolf

Read more about CVE-2023-36553: Critical OS Command Injection Vulnerability in FortiSIEM

Weekly Cybersecurity Recap December 8

Dec 8, 2023 By Steven In IDStrong

This week’s data breaches contained significant impact figures from around the world. Malware on a vendor’s computer inadvertently breached Japan’s Line Messenger. New York’s East River Medical Imaging suffered the loss of employee and patient record information. The Pan-American Life Insurance Group faces a 105k record data breach through MOVEit.

Read Post

IDStrong

Read more about Weekly Cybersecurity Recap December 8

Demystifying CVSS Scoring

Dec 8, 2023 By Mike McGuire In Synopsys

The Common Vulnerability Scoring System (CVSS) can help you navigate the constantly growing ocean of open source vulnerabilities. But it’s difficult to lend your trust and put the security of your organization and your customers into the hands of a system that you may know very little about. Let’s take a closer look at the CVSS to see what it’s all about.

Read Post

Synopsys

Read more about Demystifying CVSS Scoring

CrowdStrike Discovers Vulnerability in Flexera's FlexNet Inventory Agent (CVE-2023-29082)

Dec 8, 2023 By Patrick Romero - Sergey Kozlov In CrowdStrike

CrowdStrike’s cloud security team discovered a new vulnerability (CVE-2023-29082) in Flexera’s FlexNet Inventory Agent. When exploited, an attacker can escape from a container and gain root access to the host. Exploitation of CVE-2023-29082 can allow an attacker to perform a variety of actions on objectives, including execution of malware and exfiltration of data.

Read Post

CrowdStrike

Read more about CrowdStrike Discovers Vulnerability in Flexera's FlexNet Inventory Agent (CVE-2023-29082)

What is Exploit Prediction Scoring System (EPSS)?

Dec 8, 2023 By Nucleus In Nucleus

In this video, Patrick Garrity, Cybersecurity Researcher and VP at Nucleus, deep dives into the public preview of the Exploit Prediction Scoring System (EPSS).

View Video

Nucleus

Read more about What is Exploit Prediction Scoring System (EPSS)?

SEC Allegations: SolarWinds CISO Aware of Cyber Risks Who Should Fix Vulnerabilities? #podcast

Dec 7, 2023 By Razorthorn In Razorthorn

Welcome to our latest video where we unpack the recent SEC allegations surrounding SolarWinds CISO's awareness of cybersecurity risks and vulnerabilities. The SEC claims that despite this awareness, the issues were not adequately addressed. Join us as we delve into the critical question: Is the CISO now responsible for fixing vulnerabilities?

View Video

Razorthorn

Read more about SEC Allegations: SolarWinds CISO Aware of Cyber Risks Who Should Fix Vulnerabilities? #podcast

How Malicious Insiders Use Known Vulnerabilities Against Their Organizations

Dec 7, 2023 By Jaime Duque - Bobby Dean - Alex Merriam - Damon Duncan - Nicolas Zilio In CrowdStrike

We are well aware of the devastating effect insiders can have when using their legitimate access and knowledge to target their own organization. These incidents can result in significant monetary and reputational damages. Entities small and large, across all sectors, can fall victim to insider threats.

Read Post