Vulnerability

Featured Post

How threat intelligence can improve vulnerability management outcomes

It might surprise you to know that more than 70 new vulnerabilities are published every day. And despite their risk-reducing value in helping SOC teams address these, vulnerability management solutions have drawbacks. Often, they only provide a snapshot of an organization's vulnerabilities at a point in time. In fact, owing to their nature, vulnerabilities identified today may not exist tomorrow, or they may appear and disappear intermittently. This leaves security teams scrambling to understand not only what the risk is, but how it affects them and where they should start first with any remediation.

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche

On April 16, 2024, Ivanti disclosed two critical vulnerabilities within its Avalanche Mobile Device Management (MDM) solution. These vulnerabilities, identified as CVE-2024-29204 and CVE-2024-24996, are heap overflow issues in the WLInfoRailService and WLAvalancheService components, respectively. Both vulnerabilities have been assigned a CVSS score of 9.8, indicating their critical nature due to the potential for unauthenticated Remote Code Execution (RCE) in low-complexity attacks.

Salt Security Addresses Critical OAuth Vulnerabilities Enhancing API Security with OAuth Protection Package

OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. Following research released by Salt Labs that uncovered critical vulnerabilities in the world's most popular authorization mechanism, Salt has released a multi-layered protection package to detect attempts to exploit OAuth and proactively fix the vulnerabilities.

Palo Alto Global Protect Command Injection Vulnerability

On April 12, 2024, Palo Alto disclosed a critical vulnerability identified as CVE-2024-3400 in its PAN-OS operating system, which carries the highest severity rating of 10.0 on the CVSS scale. This vulnerability, present in certain versions of Palo Alto Networks’ PAN-OS within the GlobalProtect feature, allows unauthenticated attackers to execute any code with root privileges on the firewall through command injection.

Vulnerability Assessments vs. Penetration Testing: Key Differences

In the race for technological innovation, companies often sprint toward product launches but find themselves in a marathon when fixing vulnerabilities. This dichotomy poses a significant challenge, especially with the ever-increasing security loopholes. CISA recommends addressing critical issues in less than 15 days, but it may be wishful thinking. IT teams are inundated with an ever-increasing volume of security alerts, making it challenging to prioritize and address each one effectively.

360 degrees of application security with Snyk

Application development is a multistage process. The app goes through various stages, each with its own area of focus. However, application security, a.k.a. AppSec, is constant throughout all the stages. For example, when a developer codes, it’s expected that the code will be secure. Similarly, the artifacts that are worked upon or generated as an end output of the respective stages are all required to be secure.