Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

Arctic Wolf

Critical Remote Code Execution Vulnerability in VMware Aria Operations for Logs: CVE-2023-20864

Apr 21, 2023 By Steven Campbell In Arctic Wolf
On Thursday, April 20, 2023, VMware disclosed a critical deserialization vulnerability (CVE-2023-20864) in VMware Aria Operations for Logs—formerly known as vRealize Log Insight—that could result in unauthenticated remote code execution (RCE) as root. The vulnerability was responsibly disclosed to VMware through the Zero Day Initiative and has not been actively exploited in campaigns. Furthermore, we have not identified a public proof of concept (PoC) exploit for CVE-2023-20864.
Read Post
Snyk

4 best practices for cultivating developer security adoption

Apr 20, 2023 By Erin Cullen In Snyk

Implementing adequate software supply chain security is a challenging feat in 2023. Attackers are becoming more sophisticated, and the growing complexity of modern applications makes them difficult to defend. We’re talking microservices, multi-cloud environments, and complex workflows — all moving at the speed of business. To address these challenges, the Snyk team organized two roundtable discussions, one held in North America and the other in EMEA.

Read Post
Arctic Wolf

CVE-2023-27350: Exploitation of Critical RCE Vulnerability in PaperCut Print Management Server

Apr 20, 2023 By Steven Campbell In Arctic Wolf
On April 19, 2023, PaperCut confirmed print management servers vulnerable to a critical remote code execution vulnerability (CVE-2023-27350: CVSS 9.8) are being actively exploited by threat actors. CVE-2023-27350 could allow unauthenticated threat actors to bypass authentication and execute arbitrary code in the context of SYSTEM on a PaperCut Application Server. Zero Day Initiative responsibly disclosed the vulnerability to PaperCut on January 10, 2023; PaperCut released a patch on March 8, 2023.
Read Post
bitsight

Remediate Zero Day Events with Third-Party Vulnerability Detection & Response

Apr 20, 2023 By Sabrina Pagnotta In BitSight

When a major security event like SolarWinds or Log4j happens, how do you assess the impact across your third-party supply chain? Most organizations struggle to effectively react to zero day attacks and other critical vulnerabilities at scale, often following manual and cumbersome workflows. But our latest capability is here to change that.

Read Post
code intelligence

New Vulnerability in MySQL JDBC Driver: RCE and Unauthorized DB Access

Apr 20, 2023 By Roman Wagner In Code Intelligence
We have found a new vulnerability in MySQL Connector/J (CVE-2023-21971). Oracle issued a critical path update that fixed the issue on April 18, 2023. The vulnerability was found as part of our collaboration with Google’s OSS-Fuzz.
Read Post

An Insider's View: The Updated OWASP API Top 10

Apr 20, 2023 By Salt Security In Salt Security
Stephanie Best, Director of Product Marketing, and Yaniv Balmas, VP of Research at Salt Labs, discuss what you need to know about the new 2023 OWASP API Security Top 10 release candidate. As a member of the OWASP committee that helped shaped the latest report, Yaniv takes you behind the scenes to learn what changed, what stayed the same, and why these decisions were made.
View Video

Introducing Bitsight Third-Party Vulnerability Response

Apr 20, 2023 By BitSight In BitSight
Bitsight Third-Party Vulnerability Response empowers organizations to take action on high priority incidents at a moments notice. Learn how to initiate vendor outreach and track responses to critical vulnerabilities through scalable templated questionnaires —with tailored exposure evidence— for more effective remediation. And grow and build trust across your ecosystem without worrying about expanded risk. Vulnerability Response not only facilitates communication with vendors but also allows you to track responses with more precision, coupling automated, bulk outreach with status updates and insights.
View Video

A CISOs Guide To The New 2023 OWASP API Security Update

Apr 20, 2023 By Wallarm In Wallarm
The OWASP API Security Project team recently posted the Top-10 API risks Release Candidate (RC) for 2023. Last updated in 2019, this new version is designed to help organizations understand the top threats against APIs and how to secure them. In this webinar, we will dig into the OWASP API Security Top-10 2023RC and discuss: We will share some of our data-driven insights, derived from our quarterly API ThreatStats(tm) Reports, and show how you can protect your APIs in real-time from the most impactful API threats.
View Video

A Practitioner's Guide to the New 2023 OWASP API Security Update

Apr 20, 2023 By Wallarm In Wallarm
The OWASP API Security Top-10 risks Release Candidate (RC) is now out for comment. This new version is designed to update your understanding of the top threats against APIs and how to secure them. In this deep-dive webinar, we will dig into each of the OWASP API Security Top-10 2023 RC risks and discuss: The focus of this 2nd webinar in the series will be on what practitioners – builders, breakers, defenders, and DevSecOps – need to know to better protect their APIs.
View Video
Snyk

Lessons from OpenSSL vulnerabilities part 1: Preparing your supply chain for the next critical vulnerability

Apr 19, 2023 By Jamie Smith In Snyk

It's early in the morning on an unseasonably warm Tuesday in October. You're checking your email as you enjoy your first cup of coffee or tea for the day, and you almost do a spit-take when you read that OpenSSL has a forthcoming release to fix a CRITICAL vulnerability. Immediately, visions of Heartbleed pop into your head.

Read Post
Subscribe to Vulnerability

Copyright © 2024 OpsMatters™. All rights reserved.