Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On December 10, 2024, Ivanti released updates for three critical-severity vulnerabilities impacting their Cloud Services Application. By chaining the vulnerabilities together, a threat actor could obtain administrative privileges via authentication bypass (CVE-2024-11639), which could then allow for remote code execution (CVE-2024-11172) and/or SQL injection (CVE-2024-11173).

A new role-based access control (RBAC) feature has been added to Outpost24’s external attack surface management (EASM) solution. This opens up new possibilities for Outpost24 customers, allowing them to be more granular when it comes to configuring permissions for different roles.

Securing HTTP requests is crucial when developing Go applications to prevent vulnerabilities like Server-Side Request Forgery (SSRF). SSRF occurs when an attacker manipulates a server to make unintended requests, potentially accessing internal services or sensitive data. We will explore how to secure HTTP requests by employing URL parsing and validation techniques, and provide example code to fortify the http.Get HTTP GET request handler.

Update: Dec 11, 2024. Find the latest information in our follow-up security bulletin. On December 7, 2024, Arctic Wolf began observing a novel campaign exploiting Cleo Managed File Transfer (MFT) products across several customer environments. Initial indications of malicious activity in this campaign were identified as early as October 19, with a sharp increase in early December.

It was a cold and wet Thursday morning, sometime in early 2006. There I was sitting at the very top back row of an awe-inspiring lecture theatre inside Royal Holloway's Founder’s Building in Egham, Surrey (UK) while studying for my MSc in Information Security. Back then, the lecture in progress was from the software security module. The first rule of software security back then was never to trust user inputs.

At Seal Security, our mission goes beyond simply fixing vulnerabilities in open source libraries—we aim to ensure that every patch we implement keeps your applications running smoothly. Patching an old library isn’t just about addressing the vulnerability; it's also about ensuring the fixed version works exactly as it did when it was first built.

We’re excited to announce that SBOMs (software bill of materials) generated by Snyk's tools will include license information! This new capability is part of our ongoing efforts in our Software Supply Chain Security solution. The developer-first tools in the solution help you gain a better understanding of your app’s supply chain, identify potential risks, and take the necessary steps to get ahead of them.

Today marks an exciting milestone for Nucleus as we unveil our refreshed brand and new website. This update isn’t just about a new look; it’s a reflection of our journey, growth, and unwavering commitment to you—our customers and partners.