%term

How API Vulnerabilities Expose Millions of Records in Just Minutes! #DataLeak #DataBreach

Nov 25, 2024 By Wallarm In Wallarm

APIs are crucial for data flow, but they also open doors for rapid data breaches if security isn't real-time. In this video, we analyze how an API vulnerability led to a 250 million user data leak in just minutes. Learn why fast data flow in APIs requires immediate, real-time protection to prevent major damage. This case also highlights the often-overlooked importance of client-side security in API protection, especially as APIs are increasingly used in mobile apps and browsers. Discover essential insights to safeguard APIs from potential attacks.

View Video

Wallarm

Read more about How API Vulnerabilities Expose Millions of Records in Just Minutes! #DataLeak #DataBreach

Path Traversal in 2024 - The year unpacked

Nov 23, 2024 By Mackenzie Jackson In Aikido

Path traversal, also known as directory traversal, occurs when a malicious user manipulates user-supplied data to gain unauthorized access to files and directories. Typically the attacker will be trying to access logs and credentials that are in different directories. Path traversal is not a new vulnerability and has been actively exploited since the 90s when web servers gained popularity, many relied on Common Gateway Interface (CGI) scripts to execute dynamic server-side content.

Read Post

Aikido

Read more about Path Traversal in 2024 - The year unpacked

Arctic Wolf Observes Threat Campaign Targeting Palo Alto Networks Firewall Devices

Nov 22, 2024 By Julian Tuin, Stefan Hostetler, Jon Grimm, Aaron Diaz, and Trevor Daher In Arctic Wolf

On November 18, 2024, Palo Alto Networks disclosed the existence of two vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in Palo Alto Networks OS (PAN-OS), the operating system used on their firewall devices. A day later, watchTowr released a report providing technical details on how to chain the two vulnerabilities together to achieve remote code execution of these vulnerabilities.

Read Post

Arctic Wolf

Read more about Arctic Wolf Observes Threat Campaign Targeting Palo Alto Networks Firewall Devices

Learn Cybersecurity for Free

Nov 22, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about Learn Cybersecurity for Free

Security Bulletin: PAN-OS Authentication Bypass and Privilege Escalation Vulnerabilities

Nov 22, 2024 By Lauren Farrell In Centripetal

On November 19, 2024, Palo Alto Networks disclosed two critical vulnerabilities in its PAN-OS software, CVE-2024-0012 an Authentication Bypas, and CVE-2024-9474 a Privilege Escalation. These vulnerabilities enable attackers to gain unauthorized administrative access and escalate privileges to root level. Exploitation of these vulnerabilities, observed in the wild, has been attributed to a targeted campaign dubbed Operation Lunar Peek.

Read Post

Centripetal

Read more about Security Bulletin: PAN-OS Authentication Bypass and Privilege Escalation Vulnerabilities

Threat Context monthly: Executive intelligence briefing for November 2024

Nov 22, 2024 By KrakenLabs In Outpost 24

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from November.

Read Post

Outpost 24

Read more about Threat Context monthly: Executive intelligence briefing for November 2024

Command injection in 2024 unpacked

Nov 22, 2024 By Mackenzie Jackson In Aikido

Command injection is a vulnerability still very prevalent in web applications despite being less famous than its cousins SQL injection or Code injection. If you’re familiar with other injection vulnerabilities, you’ll recognize the common principle: untrusted user input is not properly validated, leading to the execution of arbitrary system commands. This flaw occurs when unvalidated input is passed to system-level functions. So how prominent is command injection actually?

Read Post

Aikido

Read more about Command injection in 2024 unpacked

CosmicSting: A Critical XXE Vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

Nov 22, 2024 By Michael Haag In Splunk

The e-commerce world was recently shaken by the discovery of a vulnerability in Adobe Commerce and Magento, two of the most widely used e-commerce platforms. Dubbed "CosmicSting" and designated as CVE-2024-34102, this vulnerability exposes millions of online stores to potential remote code execution and data exfiltration risks.

Read Post

Splunk

Read more about CosmicSting: A Critical XXE Vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

Nucleus Ranked No. 85 Among Deloitte's 500 Fastest Growing Companies in North America

Nov 21, 2024 By Steve Carter In Nucleus

We’ve had a lot to celebrate at Nucleus this year, with today’s news being the being one of our most significant achievements of the year. Speaking for the whole company, we are proud to have been named to the Deloitte Technology Fast 500, a ranking of the 500 fastest growing technology companies in North America for 2024, and for the recognition of our 1,562% growth over the past three years.

Read Post