%term

CVE-2024-3937: Maximum Severity Authentication Bypass Vulnerability in Juniper Routers

Jul 2, 2024 By Andres Ramos In Arctic Wolf

On June 28, 2024, Juniper released fixes for a critical authentication bypass vulnerability discovered during internal testing, CVE-2024-3937. Juniper has stated that this vulnerability affects only Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products running in high-availability redundant configurations.

Read Post

Arctic Wolf

Read more about CVE-2024-3937: Maximum Severity Authentication Bypass Vulnerability in Juniper Routers

CVE-2024-5275: SQLi Vulnerability in Fortra FileCatalyst Workflow

Jul 2, 2024 By James Liolios In Arctic Wolf

On June 25, 2024, Fortra published a security advisory for a vulnerability affecting their FileCatalyst Workflow product. The vulnerability, labelled as CVE-2024-5275, is rated as critical severity due to its low attack complexity and high impact.

Read Post

Arctic Wolf

Read more about CVE-2024-5275: SQLi Vulnerability in Fortra FileCatalyst Workflow

Improving Patch and Vulnerability Management with Proactive Security Analysis

Jul 1, 2024 By David Bunting In ChaosSearch

Vulnerability management is the continuous process of identifying and addressing vulnerabilities in an organization’s IT infrastructure, while patch management is the process of accessing, testing, and installing patches that fix bugs or address known security vulnerabilities in software applications. Vulnerability management and patch management are crucial SecOps processes that protect IT assets against cyber threats and prevent unauthorized access to secure systems.

Read Post

ChaosSearch

Read more about Improving Patch and Vulnerability Management with Proactive Security Analysis

CVE-2024-5655: Latest GitLab API Vulnerability Threatens Customer Data Exposure

Jul 1, 2024 By Wallarm In Wallarm

A security flaw that impacts specific versions of GitLab's Community and Enterprise Edition products was just detected. This vulnerability can be exploited to execute pipelines under any user's credentials. GitLab is a web-based DevOps platform offering tools for software development, version control, and project management. Launched as an open-source project in 2011, it has become a powerful solution used globally by millions.

Read Post

Wallarm

Read more about CVE-2024-5655: Latest GitLab API Vulnerability Threatens Customer Data Exposure

10 BEST Practices for Securely Developing with AI

Jul 1, 2024 By Snyk In Snyk

AI technology is booming, but are you aware of the hidden security risks? Join us as we explore the 10 best practices to keep your use of AI safe and secure.

View Video

Snyk

Read more about 10 BEST Practices for Securely Developing with AI

regreSSHion: RCE Vulnerability in OpenSSH Server (CVE-2024-6387)

Jul 1, 2024 By Amit Schendel In ARMO

A high-severity remote code execution (RCE) vulnerability has been found in OpenSSH’s server (CVE-2024-6387) by the research team of Qualys. This issue is especially concerning because it brings back a problem that was originally fixed in 2006, showing that one of the most popular secure software still has hidden bugs. This discovery follows another major vulnerability found in the XZ Utils library just a few months ago, highlighting ongoing security challenges.

Read Post

ARMO

Read more about regreSSHion: RCE Vulnerability in OpenSSH Server (CVE-2024-6387)

CVE-2024-5806: Authentication Bypass Vulnerability in Progress MOVEit Transfer

Jun 28, 2024 By Kroll In Kroll

Note: Exploitation of this vulnerability remains highly likely, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog.

Read Post

Kroll

Read more about CVE-2024-5806: Authentication Bypass Vulnerability in Progress MOVEit Transfer

New MOVEit Bug Actively Exploited Within Hours of Public Disclosure

Jun 28, 2024 By Foresiet In Foresiet

A high-severity security flaw in Progress Software's MOVEit Transfer platform is being exploited in the wild just hours after its disclosure. This vulnerability, identified as CVE-2024-5806, allows attackers to bypass authentication mechanisms and pose as any valid user, thereby gaining access to sensitive files.

Read Post

Foresiet

Read more about New MOVEit Bug Actively Exploited Within Hours of Public Disclosure

Risks for Polyfill.io Users

Jun 28, 2024 By Lauren Farrell In Centripetal

Earlier this year, a Chinese company named Funnull acquired the polyfillio. Due to this acquisition, this code was used to redirect mobile visitors to scam sites. Over 100,000 websites using the previously popular Polyfill JS open-source project are vulnerable to attacks that redirect traffic to sports betting and pornography sites.

Read Post

Centripetal

Read more about Risks for Polyfill.io Users

Building a Human-Centric Vulnerability Management Program

Jun 27, 2024 By Nucleus In Nucleus

Steve Carter, CEO and co-founder of Nucleus Security, and Dr. Nikki Robinson, Security Architect at IBM, discuss the importance of the people side of vulnerability management. They explore challenges such as context switching, long mean time to remediation, and the impact of communication on vulnerability management programs. The conversation includes practical advice on incorporating human factors into cybersecurity practices, how to improve communication and collaboration among teams, and why understanding human factors is crucial for effective vulnerability management.

View Video