%term

Hotjar's OAuth+XSS Flaw Exposes Millions at Risk of Account Takeover

Aug 1, 2024 By Pavan Bushan Reddy In Indusface

A critical flaw in Hotjar that combines XSS with OAuth putting millions of websites at risk, exposing user data and risking account takeovers. Hotjar, a trusted product experience insights platform used by over a million websites, including global brands like Adobe and Microsoft, offers powerful behavior analytics and feedback tools. These include Heatmaps, Recordings, Surveys, and Feedback, which help product teams understand user behavior and improve user experience (UX).

Read Post

Indusface

Read more about Hotjar's OAuth+XSS Flaw Exposes Millions at Risk of Account Takeover

How to tell if your organization's credentials have been involved in a breach

Aug 1, 2024 By Marcus White In Outpost 24

Stolen credentials are the easiest route into your organization for a hacker. Verizon’s 2023 Data Breach Investigation Report found that threat actors used stolen credentials in 49% of attempts to gain unauthorized access to organizations. The problem IT teams face is knowing when credentials have been stolen or leaked in a breach – otherwise you’re waiting to respond to a security issue rather than handling it proactively.

Read Post

Outpost 24

Read more about How to tell if your organization's credentials have been involved in a breach

Triaging Non-CVE Vulnerabilities with Nucleus

Aug 1, 2024 By Nucleus In Nucleus

Join Scott Kuffer, Co-Founder of Nucleus Security, in this webinar, focused on effective vulnerability management. Dive deep into the complexities of managing non-CVE based vulnerabilities. Learn about centralized vs. distributed remediation strategies and gain practical tips on triaging, prioritizing, and responding to vulnerabilities. This webinar emphasizes the importance of a unified approach to vulnerability management, leveraging threat modeling, and re-evaluating risk assessment methodologies to protect your business.

View Video

Nucleus

Read more about Triaging Non-CVE Vulnerabilities with Nucleus

Nucleus Security Launches Nucleus Vulnerability Intelligence Platform to Accelerate Threat Assessment and Risk Mitigation

Jul 31, 2024 By Nucleus In Nucleus

Nucleus Security announces the launch of its Nucleus Vulnerability Intelligence Platform. Nucleus Vulnerability Intelligence Platform enables enterprises to aggregate, analyze, and act on insights from government, open-source, and premium threat intelligence feeds while reducing manual effort, accelerating threat assessment, and promoting proactive remediation.

Read Post

Nucleus

Read more about Nucleus Security Launches Nucleus Vulnerability Intelligence Platform to Accelerate Threat Assessment and Risk Mitigation

A denial of service Regex breaks FastAPI security

Jul 31, 2024 By Liran Tal In Snyk

Welcome, fellow developers! In this blog post, we are going to delve deep into the world of application security, specifically focusing on a vulnerability that can deteriorate FastAPI security: Denial of service (DoS) caused by insecure regular expressions (regex).

Read Post

Snyk

Read more about A denial of service Regex breaks FastAPI security

Utilizing Zenity's Security Suite to Detect and Mitigate AI Vulnerabilities in Real-Time

Jul 31, 2024 By Andrew Silberman In Zenity

AI has completely changed how we live, work and play. With its unparalleled efficiency, ongoing learning abilities and its detailed precision, it makes short work out of what used to be more complex and cumbersome tasks. Although AI systems are incredibly powerful and only growing in capacity and scale, they’re not without their challenges. Like other types of programs and infrastructures, AI is not immune to vulnerabilities and security issues.

Read Post

Zenity

Read more about Utilizing Zenity's Security Suite to Detect and Mitigate AI Vulnerabilities in Real-Time

A Major Flaw with AI Coding Tools - GitHub Copilot, etc.

Jul 31, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about A Major Flaw with AI Coding Tools - GitHub Copilot, etc.

Multiple Critical Vulnerabilities in SolarWinds Access Rights Manager Responsibly Disclosed to Vendor

Jul 31, 2024 By Stefan Hostetler In Arctic Wolf

On July 17, 2024, SolarWinds published a security advisory detailing multiple critical vulnerabilities in its Access Rights Manager (ARM) software. These vulnerabilities were responsibly disclosed to SolarWinds by researchers working with Trend Micro’s Zero Day Initiative (ZDI). The vulnerabilities have CVSS scores ranging between 7.6 to 9.6. The disclosed vulnerabilities allow for remote code execution (RCE), directory traversal, information disclosure, and authentication bypass.

Read Post

Arctic Wolf

Read more about Multiple Critical Vulnerabilities in SolarWinds Access Rights Manager Responsibly Disclosed to Vendor

Preventing SQL injection in C# with Entity Framework

Jul 30, 2024 By Brian Vermeer In Snyk

SQL injection (SQLi) is one of the most severe security vulnerabilities in web applications. It occurs when an attacker is able to manipulate the SQL queries executed by an application by injecting malicious SQL code into user input fields. SQLi can lead to unauthorized access to sensitive data, data corruption, or even complete control over the database server.

Read Post

Snyk

Read more about Preventing SQL injection in C# with Entity Framework

Don't RegreSSH: An Anti-Pavlovian Approach to Celebrity Vulns

Jul 30, 2024 By Ben Edwards In BitSight

Before Crowdstrike caused the world to melt down for a few days, the talk of the security town was a recent OpenSSH vulnerability (CVE-2024-6387). Dubbed by its celebrity name regreSSHion, it is a Remote Code Execution vulnerability in some versions of OpenSSH discovered by the Qualys Threat Research Unit on July 1, 2024. Specifically, versions of OpenSSH compiled against the glibc library, which is to say “probably most of them”, were impacted.

Read Post