On October 5, 2023, we released a blog post discussing the Curl Vulnerability, the critical security issue in Curl and libcurl version 8.4.0, known as CVE-2023-38545. In addition, there was another low-severity vulnerability, CVE-2023-38546. These vulnerabilities were scheduled to be disclosed on October 11, creating significant anticipation. Now, that long-awaited date has arrived, bringing with it detailed information about the vulnerabilities, along with the release of the necessary patches.

A high-severity cURL vulnerability (CVE-2023-38545) is expected to be published in tandem with the 8.4.0 releases of the package on October 11th. While not much is known about the nature of the vulnerability, according to Daniel Stenberg, Curl’s creator and core maintainer, the vulnerability is “the worst security problem found in curl in a long time”.

By Ofri Ouzan & Yotam Perkal, Rezilion Security Research On September 27th, 2023 Google released an update including 10 security fixes. Notably, one of these fixes, identified as CVE-2023-5217, was highlighted for having an existing exploit in the wild. On October 2nd, 2023, CISA added this vulnerability to their KEV Catalog, signifying that it is being actively exploited in the wild.

For security leaders looking for a more modern approach to improve their application security posture and better manage enterprise risk, enter application security posture management, or ASPM. “Application security posture management analyzes security signals across software development, deployment, and operation to improve visibility, better manage vulnerabilities, and enforce controls, according to Gartner, which is bullish on the technology.

On September 11th, 2023 Google released an emergency security fix for a critical vulnerability discovered, identified as CVE-2023-4863 affecting the Google Chrome for Windows, macOS, and Linux. CVE-2023-4863 is a zero day heap buffer overflow vulnerability in Google Chrome’s WebP with a HIGH 8.8 CVSS score. The vulnerability allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.

What exactly does SOC 2 compliance mean? SOC 2 is a voluntary, yet indispensable security standard set out by the American Institute of Certified Public Accountants (AICPA), meticulously crafted for tech companies that hold sensitive data like Rezilion. SOC 2 compliance stands as the pinnacle of data security within the cloud-based products industry and reflects our unwavering commitment to safeguarding our customers’ data privacy and security.

Vulnerability management is difficult and not getting any easier. CISOs and security teams struggle to keep their organizations safe from cyber security threats that come from software flaws. A big part of the challenge is the growing number of vulnerabilities that need to be fixed and the lack of resources available to remediate them.

Application security posture management (ASPM) aims to change the conversation and strategy around software supply chain security. Application portfolios are growing significantly, which is creating headaches for security teams that are responsible for identifying and remediating vulnerabilities flagged in applications. Meanwhile, some of these applications may have been created without IT oversight or awareness, and that only compounds the stress.

Rezilion Named SBOM Vendor in Gartner Hype Cycle for Software Engineering and Representative Vendor for Vulnerability Assessment and Vulnerability Prioritization Technology NEW YORK, Sept. 6, 2023 — Rezilion, an automated software supply chain security platform, today announced that the company has been included in four unique Gartner Hype Cycle reports and identified as a representative vendor in the Gartner “Market Guide for Vulnerability Assessment” report.

A new Rezilion guide examines the growing trend toward the use of Application Security Posture Management (APSM), which aims to make applications secure and resilient, in turn, significantly reducing business risk. The paper explores the business drivers for ASPM, how ASPM works, what ASPM tools are designed to do, and the benefits of using them. One of the big pain points security teams have is a lack of visibility throughout the continuous development and deployment pipeline.