Vulnerability

What is the Dirty COW exploit, and how to prevent it

Mar 27, 2024 By Eyal Katz In Spectral

Dirty COW, a seemingly light-hearted name, masks a severe Linux privilege escalation issue. This bug has affected many older Linux systems, which is concerning given that 41% of web servers run on Linux. Despite widespread patches in distributions like Ubuntu and Red Hat, Dirty COW remains a threat, particularly to outdated systems. As a significant security flaw, it poses risks to various devices and servers even in 2024.

Read Post

Spectral

Read more about What is the Dirty COW exploit, and how to prevent it

Vulnerability Management Lifecycle in DevSecOps

Mar 27, 2024 By Guest Expert In GitGuardian

In this new series, CJ May shares his expertise in implementing secure-by-design software processes that empower engineering teams. The first stage of his DevSecOps program: vulnerability management.

Read Post

GitGuardian

Read more about Vulnerability Management Lifecycle in DevSecOps

How Snyk ensures safe adoption of AI

Mar 27, 2024 By Akanchha Shrivastava In Snyk

The AI revolution is reshaping industries, processes, and the very fabric of software development. As we navigate through this transformative era, it's crucial to understand not only the evolution and application of AI in software development but also the innovative ways in which Snyk, the industry-leading developer security platform, is harnessing AI to enhance security.

Read Post

Snyk

Read more about How Snyk ensures safe adoption of AI

What Does a Solid VM Ticketing Workflow Actually Look Like?

Mar 27, 2024 By Nucleus In Nucleus

In this webinar, Scott Kuffer discusses the challenges and best practices of vulnerability management workflows and ticketing. He emphasizes the discrepancy between vulnerability management teams' priorities and the priorities of the business as a whole. Scott explores different ticketing workflows, starting with basic vulnerability-based tickets and progressing to more advanced options such as asset-based, team-based, and action-based tickets. He highlights the benefits of automating ticket creation and reporting, as well as the potential for redefining how vulnerability management is approached within organizations.

View Video

Nucleus

Read more about What Does a Solid VM Ticketing Workflow Actually Look Like?

How To Achieve Vulnerability Remediation

Mar 26, 2024 By Sule Tatar In Arctic Wolf

Vulnerabilities are a major risk for organizations, and a major attack vector for threat actors. There were over 29,000 vulnerabilities published in 2023, amounting to over 3,800 more common vulnerabilities and exposure (CVEs) identifiers being issued last year than in 2022. But that doesn’t mean these most recent vulnerabilities are the only ones in a threat actor’s toolbox.

Read Post

Arctic Wolf

Read more about How To Achieve Vulnerability Remediation

CVE-2023-48788: Active Exploitation and PoC for Critical RCE in Fortinet FortiClientEMS Observed

Mar 26, 2024 By Andres Ramos In Arctic Wolf

On March 21, 2024, security researchers published a technical analysis along with a proof of concept (PoC) regarding the critical Remote Code Execution (RCE) vulnerability, CVE-2023-48788, in Fortinet’s FortiClientEMS. This vulnerability enables an unauthenticated threat actor to achieve RCE through the manipulation of SQL commands. Fortinet has stated that this vulnerability is under active exploitation. PoC exploit code is also now publicly available.

Read Post

Arctic Wolf

Read more about CVE-2023-48788: Active Exploitation and PoC for Critical RCE in Fortinet FortiClientEMS Observed

Resolving Simple Cross-Site Scripting Flaws with Veracode Fix

Mar 26, 2024 By Robert Haynes In Veracode

In the last blog on fixing vulnerabilities with Veracode Fix, we looked at SQL Injection remediation in a Java application. Since then, we have released Fix support for Python (and PHP) and launched a new VS Code plugin that includes support for Fix. It seems appropriate, therefore, to look at resolving a problem in a Python app using Veracode Fix in the VS Code IDE. This time let’s examine a simple cross-site scripting (XSS) weakness.

Read Post

Veracode

Read more about Resolving Simple Cross-Site Scripting Flaws with Veracode Fix

NPM Manifest Confusion: Six Months Later

Mar 26, 2024 By Andrey Polkovnichenko In JFrog

Several months ago, Darcy Clarke, a former Staff Engineering Manager at GitHub, discovered the “Manifest Confusion” bug in the npm ecosystem. The bug was caused by the npm registry not validating whether the manifest file contained in the tarball (package.json) matches the manifest data published to the npm server. Clarke claims this to be a large threat, allowing malicious actors to deceive developers and hide harmful code from detection.

Read Post

JFrog

Read more about NPM Manifest Confusion: Six Months Later

7 Steps to Implement an Effective Vulnerability Management Program

Mar 26, 2024 By Ariel Beck In Jit

When a new vulnerability is found, the race is on to either solve it or exploit it (depending on which side you’re on). But while attackers are getting faster, companies not so much. Dev teams take around 215 days to resolve a security vulnerability. The numbers are only marginally shorter when dealing with critical vulnerabilities. This delay is particularly concerning given the rise in zero-day exploits, where hackers take advantage of a security flaw before the organization even knows it exists.

Read Post

Jit

Read more about 7 Steps to Implement an Effective Vulnerability Management Program

6 Essential Steps to Use OWASP ZAP for Penetration Testing

Mar 25, 2024 By Shlomi Kushchi In Jit

There's no doubt that no organization wants to be the victim of a cyber attack, but even the most security-minded entity can find itself caught off-guard or exposed when a zero-day exploit is discovered.

Read Post