Vulnerability

Dissecting Buffer Overflow Attacks in MongoDB

Apr 19, 2023 By Trustwave In Trustwave

Towards the end of 2020, a new vulnerability in MongoDB was found and published. The vulnerability affected almost all versions of MongoDB, up to v4.5.0, but was discussed and patched appropriately. The vulnerability, CVE-2020-7928, abuses a well-known component of MongoDB, known as the Handler, to carry out buffer overflow attacks by way of null-byte injections.

Read Post

Trustwave

Read more about Dissecting Buffer Overflow Attacks in MongoDB

Electrical Grid Security: NERC CIP, Cyber Threats and Key Challenges

Apr 19, 2023 By Michael Betti In Tripwire

Electrical grid security has been getting a lot of attention recently. It started fairly quietly, and then when it was a featured story on a news program, it rose to the top of the collective consciousness. However, the news stories that followed were focused entirely on the physical vulnerabilities of the US power grids. Few, if any stories covered the cybersecurity angle of securing the grids.

Read Post

Tripwire

Read more about Electrical Grid Security: NERC CIP, Cyber Threats and Key Challenges

Avoiding Kubernetes "CVE shock" through Relevancy and Prioritization

Apr 18, 2023 By Oshrat Nir In ARMO

ARMO is launching a new Kubernetes vulnerability relevancy and prioritization feature based on eBPF technology to help Kubernetes and DevSecOps practitioners focus on fixing the vulnerabilities that impact their security posture most.

Read Post

ARMO

Read more about Avoiding Kubernetes "CVE shock" through Relevancy and Prioritization

Preventing insecure deserialization in Node.js

Apr 17, 2023 By Benson Kuria Macharia In Snyk

Serialization is the process of converting a JavaScript object into a stream of sequential bytes to send over a network or save to a database. Serialization changes the original data format while preserving its state and properties, so we can recreate it as needed. With serialization, we can write complex data to files, databases, and inter-process memory — and send that complex data between components and over networks.

Read Post

Snyk

Read more about Preventing insecure deserialization in Node.js

Gain visibility into open source vulnerabilities with Datadog Application Vulnerability Management

Apr 17, 2023 By Mallory Mooney In Datadog

Open source libraries have become an indispensable part of modern applications. Approximately 90 percent of organizations use open source software to support their services, but monitoring these dependencies can be difficult when environments run thousands of ephemeral services.

Read Post

Datadog

Read more about Gain visibility into open source vulnerabilities with Datadog Application Vulnerability Management

Creating Trust in an Insecure World: Strategies for Cybersecurity Leaders in the Age of Increasing Vulnerabilities

Apr 17, 2023 By BitSight

Are you overwhelmed by the intricacies of your attack surface? Concerned about the rising risk of vulnerabilities in your and your partners' digital ecosystems? New BitSight research finds that the average vulnerability remediation rate across organizations is about 5 percent per month, sparking concern that the status quo of exposure and vulnerability management is broken. Moreover, organizations face significant challenges in managing vulnerabilities in their extended, third-party ecosystem, and most security leaders do not have the tools to address these emerging threats.

Get Report

BitSight

Read more about Creating Trust in an Insecure World: Strategies for Cybersecurity Leaders in the Age of Increasing Vulnerabilities

What Is Zerologon and How Do You Mitigate It?

Apr 14, 2023 By Kevin Joyce In Netwrix

Commonly referred to as Zerologon, CVE-2020-1472 is the Common Vulnerabilities and Exposures (CVE) identifier assigned to a vulnerability in Microsoft’s Netlogon Remote Protocol (MS-NRPC). MS-NRPC is essential for authentication of both user and machine accounts in Active Directory.

Read Post

Netwrix

Read more about What Is Zerologon and How Do You Mitigate It?

What is Vulnerability Management?

Apr 14, 2023 By Nivedita James In Astra

Vulnerability management refers to continuously identifying, reporting, and remediating security risks within the cyber assets from networks to cloud platforms. It becomes vital that good cyber security measures with an extensive vulnerability management system be placed to ensure data and application safety.

Read Post

Astra

Read more about What is Vulnerability Management?

Does HIPAA require penetration testing?

Apr 14, 2023 By Outpost 24 In Outpost 24

The HIPAA Security Rule requires healthcare organizations to perform regular security risk assessments to protect e-PHI. Penetration testing can help organizations with this requirement.

Read Post

Outpost 24

Read more about Does HIPAA require penetration testing?

Another Expression DoS Vulnerability Found in Spring - CVE-2023-20863

Apr 14, 2023 By Dae Glendowne In Code Intelligence

Just recently, our open-source fuzzing engine Jazzer found an Expression DoS vulnerability in Spring (CVE-2023-20861). Now, three weeks later, Jazzer found another similar Expression DoS in the Spring framework, labeled CVE-2023-20863. This new finding has an even higher CVSS score of 7.5 (high), compared to the previous finding which came in at 5.3 (medium).

Read Post