%term

Empowering Security Teams: Independent Open source vulnerability remediation

Dec 3, 2024 By Alon Navon In Seal Security

Traditional open source vulnerability remediation is a significant bottleneck in modern security. Organizations often grapple with hundreds or thousands of high and critical vulnerabilities, yet the process of upgrading dependencies is a manual, time-consuming, and error-prone task, heavily reliant on developers. Developers, naturally prioritizing feature development, may resist upgrades due to potential risks and increased workload.

Read Post

Seal Security

Read more about Empowering Security Teams: Independent Open source vulnerability remediation

CVE-2024-9900: Stored XSS Vulnerability in Muddler's LocalAI

Dec 2, 2024 By Prateek Kuber In Astra

Product Name: Dynamic Dashboard Vulnerability: Stored XSS Vulnerable Version: >= 3.0.0, < 3.0.1 CVE: CVE-2024-47817 Astra Security researchers identified a vulnerability in LocalAI, an Open-Source OpenAI alternative. The vulnerability, CVE-2024-9900, is a stored Cross-Site Scripting issue affecting the LocalAI v2.21.1 prompts, which allow malicious scripts and payloads to be input.

Read Post

Astra

Read more about CVE-2024-9900: Stored XSS Vulnerability in Muddler's LocalAI

DevSecOps Tools for Cybersecurity Success

Dec 2, 2024 By Jessica Amado In Seemplicity

With DevSecOps, cybersecurity has become integrated into every phase of the software development lifecycle (SDLC). DevSecOps tools work across development, security, and operations siloes and enable these teams to work collaboratively, ensuring security vulnerabilities are addressed early and efficiently, reducing risks before they reach production.

Read Post

Seemplicity

Read more about DevSecOps Tools for Cybersecurity Success

A SenseOn Advisory: PAN-OS zero-day vulnerabilities CVE-2024-9474 & CVE-2024-0012

Dec 2, 2024 By Daniela Lopez In SenseOn

On the 18th of November 2024, Palo Alto published advisories disclosing two vulnerabilities affecting the Web Management Interface in PAN-OS. The most critical of these vulnerabilities is CVE-2024-0012 with a severity rating of 9.3. Exploitation of this vulnerability allows a remote, unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges.

Read Post

SenseOn

Read more about A SenseOn Advisory: PAN-OS zero-day vulnerabilities CVE-2024-9474 & CVE-2024-0012

How Dark Mode Got Me Hacked

Dec 2, 2024 By Snyk In Snyk

The infamous Light Mode vs Dark Mode battle has been waging for some time... I've always been a Dark Mode person, but now, I think I might be changing sides. A PDF Dark Mode converter extension I've used for some time turned out to be malicious, so I set out to determine how this happened and how I can prevent it from happening again.

View Video

Snyk

Read more about How Dark Mode Got Me Hacked

Stored XSS Vulnerability in Dynamic Dashboard Paragraph Widget

Dec 2, 2024 By Prateek Kuber In Astra

Product Name: Dynamic Dashboard Vulnerability: Stored XSS Vulnerable Version: >= 3.0.0, < 3.0.1 CVE: CVE-2024-47817 On October 5, 2024, the security researchers from Astra discovered a severe Stored Cross-Site Scripting vulnerability in Dynamic Dashboard’s paragraph widget. The widget, used for text and markdown, has inadequate input sanitization allowing attackers to inject malicious code.

Read Post

Astra

Read more about Stored XSS Vulnerability in Dynamic Dashboard Paragraph Widget

Why a solid DevOps foundation is vital for effective DevSecOps

Nov 27, 2024 By Ben Desjardins In Snyk

As DevOps adoption has grown, organizations are pushing code into production faster than ever. However, the fast pace of DevOps has led many developers to view security as a bottleneck or afterthought, which means security teams need a new approach to keep up.

Read Post

Snyk

Read more about Why a solid DevOps foundation is vital for effective DevSecOps

CVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution

Nov 27, 2024 By Pauline Bolaños In Trustwave

On November 20th, 2024, Zero Day Initiative (ZDI) researchers disclosed a critical flaw in 7-Zip. This widely used open-source file archiving software enables remote actors to perform remote code execution (RCE) on vulnerable 7-Zip versions. This vulnerability was originally discovered earlier this year and was reported to 7-Zip in June 2024.

Read Post

Trustwave

Read more about CVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution

Measuring AppSec success: Key KPIs that demonstrate value

Nov 26, 2024 By Daniel Berman In Snyk

In the software development industry, proactively securing the software development life cycle (SDLC) from cyber threats must always be a top priority. Taking a shift left approach addresses security early on so your development teams can spend more time innovating and less on dealing with vulnerabilities. But that’s just the beginning.

Read Post

Snyk

Read more about Measuring AppSec success: Key KPIs that demonstrate value

How to Enhance Secure Access to Screen Displays for Remote Workers

Nov 26, 2024 By SecuritySenses In SecuritySenses

Remote work is the new normal, and while it is flexible, it can easily introduce security risks. Protecting sensitive information on screen displays is crucial. With employees working from different locations, it's easier than ever to be exposed to threats. Hackers, unauthorized access, and accidental data sharing are just a few concerns. That's why secure access to screen displays is more important than ever. Let's explore how you can strengthen security for remote workers.

Read Post