%term

MOVEit Gateway and MOVEit Transfer Vulnerabilities

Jun 27, 2024 By Lauren Farrell In Centripetal

On June 25, 2024, Progress Software, the parent company of the MOVEit software suite, officially released details for two critical vulnerabilities identified in MOVEit Gateway and MOVEit Transfer, CVE-2024-5805 and CVE-2024-5806 respectively. MOVEit Transfer is a managed file transfer solution that supports the exchange of files and data between servers, systems and applications within and between organizations.

Read Post

Centripetal

Read more about MOVEit Gateway and MOVEit Transfer Vulnerabilities

Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware

Jun 27, 2024 By KrakenLabs In Outpost 24

While reviewing common TTPs in malware campaigns used last year Outpost24’s Cyber Threat Intelligence team, KrakenLabs, came across several reports and articles describing a novel infection technique being used to distribute various types of malware not necessarily related to each other. For example, this article analyzing Amadey and this one talking about Redline.

Read Post

Outpost 24

Read more about Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware

Container Security Scanning: Vulnerabilities, Risks and Tooling

Jun 27, 2024 By Guest Expert In GitGuardian

Container security is crucial in the age of microservices and DevOps. Learn about common container vulnerabilities, container security scanning, and popular tools to secure your containers in this comprehensive guide.

Read Post

GitGuardian

Read more about Container Security Scanning: Vulnerabilities, Risks and Tooling

How to secure a REST API?

Jun 27, 2024 By Liran Tal In Snyk

As developers, we often have to work with REST APIs when we integrate with third-party systems or connect between frontend and backend systems at work. APIs, and REST APIs in particular, are a fundamental part of modern web applications, allowing us to create, read, update, and delete data over HTTP. However, as with any technology, they come with their own set of security challenges. Let's break these challenges down and understand how to secure REST API applications.

Read Post

Snyk

Read more about How to secure a REST API?

The exploit prediction scoring system: What it is and how to use it

Jun 27, 2024 By Graylog Security In Graylog

Managing vulnerabilities can feel like the end of the first act of Les Misérables as you sing to yourself, “one day more, another day another vulnerability.” Like Jean Valjean, you attempt to put up barricades to protect your environment from attackers exploiting these security weaknesses. Keeping pace with the number of vulnerabilities and threat actor activities becomes overwhelming, leaving you to feel outnumbered and outmanned.

Read Post

Graylog

Read more about The exploit prediction scoring system: What it is and how to use it

CVE-2024-5805 & CVE-2024-5806: Authentication Bypass Vulnerabilities in Progress MOVEit Transfer and MOVEit Gateway

Jun 26, 2024 By Andres Ramos In Arctic Wolf

On June 25, 2024, Progress disclosed two vulnerabilities affecting MOVEit Transfer and MOVEit Gateway: CVE-2024-5805: A critical severity authentication bypass vulnerability affecting MOVEit Gateway (SFTP module). MOVEit Gateway is a proxy for MOVEit Transfer, designed to securely handle inbound connections when deployed behind a firewall.

Read Post

Arctic Wolf

Read more about CVE-2024-5805 & CVE-2024-5806: Authentication Bypass Vulnerabilities in Progress MOVEit Transfer and MOVEit Gateway

How security teams enhance vulnerability management with Tines

Jun 26, 2024 By Dave Herder In Tines

When it comes to vulnerability management, time is critical - every minute a vulnerability goes unaddressed, the risk escalates. To ensure all risks are addressed, security teams need vulnerability management processes that are reliable and efficient, and, crucially, don’t drain their resources. And given that 22% of cybersecurity professionals have admitted to ignoring an alert completely, we can’t afford to rely on the human element alone.

Read Post

Tines

Read more about How security teams enhance vulnerability management with Tines

Polyfill supply chain attack embeds malware in JavaScript CDN assets

Jun 26, 2024 By Liran Tal In Snyk

On June 25, 2024, the Sansec security research and malware team announced that a popular JavaScript polyfill project had been taken over by a foreign actor identified as a Chinese-originated company, embedding malicious code in JavaScript assets fetched from their CDN source at: cdn.polyfill.io. Sansec claims more than 100,000 websites were impacted due to this polyfill attack, including publicly traded companies such as Intuit and others.

Read Post

Snyk

Read more about Polyfill supply chain attack embeds malware in JavaScript CDN assets

CVE-2024-36680: SQL Injection Vulnerability in Facebook's PrestaShop Module Exposes Thousands of E-commerce Sites to Credit Card Fraud

Jun 26, 2024 By Wallarm In Wallarm

PrestaShop is a free, open-source E-commerce platform launched in 2007. Built with PHP and MySQL, it offers customizable, scalable solutions for online stores. Features include product management, inventory tracking, and payment processing. Supporting multiple languages and currencies, it's ideal for small to medium businesses worldwide. Built by Promokit, the pkFacebook add-on integrates PrestaShop with Facebook, enabling product catalog sync, dynamic ads, and Facebook Shop creation.

Read Post

Wallarm

Read more about CVE-2024-36680: SQL Injection Vulnerability in Facebook's PrestaShop Module Exposes Thousands of E-commerce Sites to Credit Card Fraud

eSIM Cybersecurity: More Advantages or Drawbacks?

Jun 25, 2024 By SecuritySenses In SecuritySenses

As eSIM technology gets more popular every year and more people turn to it rather than physical SIM cards, what are the benefits? With eSIM technology, the SIM is built into the device, making it more convenient. An eSIM stands for embedded subscriber identity module and is an essential component that allows modern mobile devices to connect to mobile network operator services worldwide. However, I am more concerned about security rather than the features that new innovations bring. This is why I am dedicated to learning what security protocols eSIM uses and how safe embedded SIMs are for users.

Read Post