Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Two Citrix vulnerabilities (CVE-2024-8068 and CVE-2024-8069) can potentially lead to unauthenticated remote code execution. Note: according to the vendor, privilege escalation to NetworkService Account access in Citrix Session Recording and limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording is possible when an attacker is an authenticated user in the same intranet.

According to security researcher nol_tech CVE-2024–50340 is a critical vulnerability (CVSS: 7.3) affecting Symfony applications when the PHP directive register_argc_argv is enabled. By appending ?+--env=dev to a URL, attackers can force the application into the dev environment, granting remote access to the Symfony profiler. This exposure can lead to the leaking of sensitive information and potentially executing arbitrary code.

Product Name: bodi0’s Easy Cache Vulnerability: Stored XSS Vulnerable Version: Will be disclosed soon CVE: Will be disclosed soon On September 16, 2024, the team of pentesters at Astra Security found a stored Cross-Site Scripting or XSS in bodi0’s Easy Cache plugin. It is a plugin designed for WordPress that helps optimize the caching functionality, thus allowing enhanced page loading and reducing the server load.

Today, we announced the exciting news that Snyk has acquired Probely, a fast-growing modern provider of API Security Testing and Dynamic Application Security Testing (DAST). With this addition, Snyk now offers a full range of development and application security solutions, with customers immediately benefiting from a broader range of developer friendly testing techniques.

How often are you surprised by a threat or vulnerability from a software asset you never knew existed? For many companies, the answer is, “More often than we’d like.” This is because you can’t protect what you can’t see. Full visibility across the entire software supply chain is a must for AppSec teams, but this comprehensive view across the attack surface can be elusive.

On October 12, 2024, Ivanti released fixes for CVE-2024-50330, a critical severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw allows Remote Code Execution (RCE) by an unauthenticated attacker.

Active Directory (AD) is crucial for an organization’s identity and access management strategy, but its complex architecture is also a prime zone for overlooked vulnerabilities. One such feature that’s often overlooked is Active Directory Certificate Services (ADCS). Active Directory Certificate Services ADCS is a service that provides a robust solution for managing digital certificates in a Windows Server environment. It leverages AD to manage certificates in a domain environment.