%term

How to prevent log injection vulnerability in JavaScript and Node.js applications

Sep 26, 2024 By Liran Tal In Snyk

In many standard enterprise applications, consistent logging serves a multitude of purposes. It helps businesses identify and rectify errors, provides valuable analytical insights, and lets you test new solutions. However, this also makes log injections one of the most common ways hackers can hijack or even gain access to sensitive user information.

Read Post

Snyk

Read more about How to prevent log injection vulnerability in JavaScript and Node.js applications

Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

Sep 26, 2024 By Andres Ramos In Arctic Wolf

On September 24, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing three critical command injection vulnerabilities affecting Aruba Networking Access Points. These vulnerabilities, identified as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507, could allow remote unauthenticated attackers to execute code with privileged access.

Read Post

Arctic Wolf

Read more about Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

Deep Dive into the Latest API Security Vulnerabilities in Envoy

Sep 26, 2024 By Wallarm In Wallarm

Envoy has carved out a critical role in cloud-native computing, becoming increasingly prevalent as the default ingress controller for Kubernetes. This high-performance proxy, developed by Lyft and now part of the Cloud Native Computing Foundation’s arsenal, is integral for companies scaling up their Kubernetes deployments. Envoy ensures efficient load balancing, security, and operational agility by managing external access to services within Kubernetes clusters,.

Read Post

Wallarm

Read more about Deep Dive into the Latest API Security Vulnerabilities in Envoy

Accelerating Threat Assessment and Risk Mitigation with Nucleus Vulnerability Intelligence Platform

Sep 26, 2024 By Nucleus In Nucleus

In this webinar, discover how the Nucleus Vulnerability Intelligence Platform (VIP) is changing the way organizations handle vulnerabilities. Learn how VIP empowers security teams to assess, prioritize, and mitigate vulnerabilities in real time by leveraging automated workflows, comprehensive data aggregation, and custom risk ratings. Key topics covered: Chapters Don't forget to like, comment, and subscribe for more in-depth webinars and expert discussions on cybersecurity and vulnerability management!

View Video

Nucleus

Read more about Accelerating Threat Assessment and Risk Mitigation with Nucleus Vulnerability Intelligence Platform

Exploit Attempt for a Cross Site Scripting Vulnerability

Sep 26, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about Exploit Attempt for a Cross Site Scripting Vulnerability

Best Practices in Vulnerability Management

Sep 25, 2024 By Amit Sheps In IONIX

Vulnerability management is a major component of any cybersecurity strategy, simply because every vulnerability represents another potential vector through which an organization can be attacked.

Read Post

IONIX

Read more about Best Practices in Vulnerability Management

Chinese Hackers Target APAC Governments with EAGLEDOOR Malware Exploiting GeoServer Flaw

Sep 24, 2024 By Foresiet In Foresiet

In a sophisticated cyber espionage campaign, a group of Chinese hackers has exploited a critical vulnerability in GeoServer to target government organizations across the Asia-Pacific (APAC) region. This operation, linked to the advanced persistent threat (APT) group known as Earth Baxia, highlights the evolving landscape of cyber threats facing sensitive sectors, including government and energy.

Read Post

Foresiet

Read more about Chinese Hackers Target APAC Governments with EAGLEDOOR Malware Exploiting GeoServer Flaw

Critical Vulnerabilities Discovered in Automated Tank Gauge Systems

Sep 24, 2024 By Pedro Umbelino In BitSight

Industrial Control Systems (ICS) have become a ubiquitous part of modern critical infrastructure. Automatic Tank Gauge (ATG) systems play a role in this infrastructure by monitoring and managing fuel storage tanks, such as those found in everyday gas stations. These systems ensure that fuel levels are accurately tracked, leaks are detected early, and inventory is managed efficiently.

Read Post

BitSight

Read more about Critical Vulnerabilities Discovered in Automated Tank Gauge Systems

CVE-2024-8190 - OS Command Injection in Ivanti CSA

Sep 24, 2024 By Pavithra Hanchagaiah In Indusface

A high severity OS command injection vulnerability, CVE-2024-8190, has been found in Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 518 and earlier. This flaw allows attackers with admin access to remotely execute malicious commands, potentially taking full control of the system. Ivanti has already released updates, but this command injection vulnerability is actively exploited in the wild, making immediate action critical.

Read Post

Indusface

Read more about CVE-2024-8190 - OS Command Injection in Ivanti CSA

How Security Debt Compounds Vulnerability Risk

Sep 24, 2024 By Corey Tomlinson In Nucleus

Organizations often find themselves caught in a perpetual cycle of identifying, prioritizing, and mitigating vulnerabilities that pose the most risk. Amid this ongoing battle, a significant challenge is often overlooked: security debt. Much like technical debt, security debt refers to the accumulation of unresolved vulnerabilities within an organization’s systems and software.

Read Post