Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Machine Learning Bug Bonanza - Exploiting ML Clients and "Safe" Model Formats

In our previous blog post in this series we showed how the immaturity of the Machine Learning (ML) field allowed our team to discover and disclose 22 unique software vulnerabilities in ML-related projects, and we analyzed some of these vulnerabilities that allowed attackers to exploit various ML services.

How Calico Vulnerability Management Works

In the ever-evolving Kubernetes landscape, security remains a paramount concern. Ensuring that your containers are free from vulnerabilities is crucial for maintaining the integrity and performance of your applications. This is where Calico Vulnerability Management steps in, offering a comprehensive solution designed to keep your Kubernetes environment secure from potential threats.

Empowering Security Teams: Independent Open source vulnerability remediation

Traditional open source vulnerability remediation is a significant bottleneck in modern security. Organizations often grapple with hundreds or thousands of high and critical vulnerabilities, yet the process of upgrading dependencies is a manual, time-consuming, and error-prone task, heavily reliant on developers. Developers, naturally prioritizing feature development, may resist upgrades due to potential risks and increased workload.

Avoiding Pitfalls in Vulnerability Management: Key Insights and Best Practices

Vulnerability management (VM) has always been a complex area of concern that requires continuous and active effort to work properly. This can make it challenging for organizations to maintain their VM strategies and solutions over time, as there are many angles to secure and processes to oversee. There is a wide range of potential ways that VM can go wrong, and it is essential for organizations to avoid the many pitfalls associated with it.

How to Find and Remediate PAN-OS Vulnerabilities in Seconds with Forward Enterprise

With Forward Enterprise, you can go from "I think my network is vulnerable" to "I know the exact details of my network's vulnerabilities and I have a clear path to prioritizing remediation". In this video, Mike shows how users can quickly find critical vulnerabilities like Palo Alto Networks' CVE-2024-0012 and CVE-2024-9474.

Web Shell Upload Via Extension Blacklist Bypass - Part 2

Web shell attacks are a critical and growing threat, often evading traditional defenses. In this Part 2 of our exploration into web shell attacks, we uncover how attackers leverage extension blacklist bypasses to upload malicious web shells and compromise systems.

CVE-2024-42448: Veeam Discloses Critical RCE Vulnerability in Service Provider Console

On December 3, 2024, Veeam disclosed a critical vulnerability within the Veeam Service Provider Console (VSPC), tracked as CVE-2024-42448, which was discovered during internal testing. VSPC is a management tool designed for service providers to manage customer backups. The vulnerability allows a remote threat actor to perform Remote Code Execution (RCE) on the VSPC server machine from an authorized VSPC management agent machine.

2024 Open Source Security Report: Slowing Progress and New Challenges for DevSecOps

Trust is the foundation of the open source community — but what happens when that trust is betrayed? When a backdoor vulnerability was found in a widespread Linux-based data compression tool, it nearly created an opportunity for malicious actors to seize control of countless computers worldwide. The vulnerability was introduced by a trusted contributor who, after years of building rapport with maintainers, ultimately exploited that trust.