Vulnerability

MAX Prevents CRITICAL Zero-Day Vulnerability

Apr 11, 2024 By SecurityScorecard In SecurityScorecard

Today we learn about SecurityScorecard's MAX and how it single-handedly prevented a MAJOR Zero-Day Vulnerability. With SecurityScorecard MAX, you no longer have to worry about your supply chain being at risk. SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

View Video

SecurityScorecard

Read more about MAX Prevents CRITICAL Zero-Day Vulnerability

CVE-2024-3094 Exposed: A Guide to Overcoming XZ/liblzma and Similar Threats Using Calico

Apr 11, 2024 By Reza Ramezanpour In Tigera

Before we start this blog post, let’s acknowledge that the only way to secure your environment from any vulnerability is to update the vulnerable hardware or software with patches that the author or the project community releases. Every other form of mitigation is only a way to provide an extended time for critical applications that cannot be updated immediately.

Read Post

Tigera

Read more about CVE-2024-3094 Exposed: A Guide to Overcoming XZ/liblzma and Similar Threats Using Calico

Vulnerability Management Metrics

Apr 11, 2024 By Nucleus

There are hundreds of statistics you could collect and monitor to use as guiding metrics, but that doesn't mean it's a good idea to do so. Learn the four most critical metrics to track in vulnerability management, and what they tell us about the health of your program.

Get EBook

Nucleus

Read more about Vulnerability Management Metrics

Fixing the Broken Vulnerability Management Process

Apr 11, 2024 By Nucleus

Many organizations are using outdated, highly inefficient, and time consuming VM processes that leave security personnel struggling to keep up. As the vulnerability landscape continues to evolve rapidly, the processes used to discover, track, and remediate them has failed to evolve with it.

Get White Paper

Nucleus

Read more about Fixing the Broken Vulnerability Management Process

Chapter One: The State of Vulnerability Management

Apr 11, 2024 By Nucleus

Vulnerability exploitation is involved in over half of breaches, making it a huge risk to organizations. And the problem only continues to balloon year over year... both in the speed at which attackers are capitalizing on exploited vulnerabilities, and in the way that technology and assets outgrow most organization's current vulnerability management programs. In this series, we're going to be breaking down how vulnerability management has grown and evolved over time, plus how to modernize your program using things like risk-based vulnerability management.

Get EBook

Nucleus

Read more about Chapter One: The State of Vulnerability Management

Nucleus Security Adds Industry Veterans to Board and Executive Team as Company Scales to Meet Growing Demand

Apr 10, 2024 By Nucleus In Nucleus

Company Appoints Jeremiah Grossman to Board of Directors and Adds Tamir Hardof as Chief Marketing Officer.

Read Post

Nucleus

Read more about Nucleus Security Adds Industry Veterans to Board and Executive Team as Company Scales to Meet Growing Demand

Six takeaways from our ASPM masterclass series

Apr 10, 2024 By Erin Cullen In Snyk

Software development moves fast, and many application security teams struggle to keep up. More sophisticated agile, DevOps, and cloud practices, along with the growing use of AI, mean more agility for development teams. However, these innovations are a challenge for security teams, as they must move at this same speed in order to secure applications effectively. Application security posture management (ASPM) directly responds to these emerging challenges.

Read Post

Snyk

Read more about Six takeaways from our ASPM masterclass series

Are you using JWTs safely in your app?

Apr 10, 2024 By Snyk In Snyk

⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.

View Video

Snyk

Read more about Are you using JWTs safely in your app?

OWASP Top 10 for LLM Applications: A Quick Guide

Apr 10, 2024 By AJ Starita In Mend

Published in 2023, the OWASP Top 10 for LLM Applications is a monumental effort made possible by a large number of experts in the fields of AI, cybersecurity, cloud technology, and beyond. OWASP contributors came up with over 40 distinct threats and then voted and refined their list down to the ten most important vulnerabilities.

Read Post

Mend

Read more about OWASP Top 10 for LLM Applications: A Quick Guide

CVE-2024-3094: Backdoor Found in XZ Utils Compression Tool Used by Linux Distributions

Apr 9, 2024 By Andres Ramos In Arctic Wolf

On March 29, 2024, a security researcher disclosed the discovery of malicious code in the most recent versions of XZ Utils data compression tools and libraries. The code contained a backdoor, which a remote threat actor can leverage to break sshd authentication (the service for SSH access) and gain unauthorized access to the system, potentially leading to Remote Code Execution (RCE).

Read Post