%term

Identity Crisis: The Curious Case of a Delinea Local Privilege Escalation Vulnerability

Jul 16, 2024 By Brenden Meeder In CyberArk

During a recent customer engagement, the CyberArk Red Team discovered and exploited an Elevation of Privilege (EoP) vulnerability (CVE-2024-39708) in Delinea Privilege Manager (formerly Thycotic Privilege Manager). This vulnerability allowed an unprivileged user to execute arbitrary code as SYSTEM. CyberArk responsibly disclosed this vulnerability to Delinea, including the exploit proof of concept (POC) code, as part of our commitment to contributing to the security community.

Read Post

CyberArk

Read more about Identity Crisis: The Curious Case of a Delinea Local Privilege Escalation Vulnerability

Suspicious Maintainer Unveils Threads of npm Supply Chain Attack

Jul 16, 2024 By Liran Tal In Snyk

This story starts when Sébastien Lorber, maintainer of Docusaurus, the React-based open-source documentation project, notices a Pull Request change to the package manifest. Here’s the change proposed to the popular cliui npm package: Specifically, drawing our attention to the npm dependencies change that use an unfamiliar syntax: Most developers would expect to see a semver version range in the value of a package or perhaps a Git or file-based URL.

Read Post

Snyk

Read more about Suspicious Maintainer Unveils Threads of npm Supply Chain Attack

How to Respond: OpenSSH Vulnerability CVE-2024-6387

Jul 16, 2024 By Edward Kost In UpGuard

OpenSSH server is currently exposed to a dangerous vulnerability that, if exploited, could grant cybercriminals full system access without user interaction. This post provides an overview of CVE-2024-6387 and suggests remediation responses to mitigate its impact.

Read Post

UpGuard

Read more about How to Respond: OpenSSH Vulnerability CVE-2024-6387

CVE-2024-30078: Patch Your Wi-Fi Now!

Jul 16, 2024 By Kushalveer Singh Bachchas In LevelBlue

The relentless battle against cyber threats continues, and CVE-2024-30078 stands as a stark reminder of the ever-present need for vigilance. A critical vulnerability (CVE-2024-30078) has been identified in Wi-Fi drivers for various Microsoft Windows versions. This flaw allows attackers within Wi-Fi range to remotely execute malicious code (RCE) on vulnerable systems. Immediate patching is recommended.

Read Post

LevelBlue

Read more about CVE-2024-30078: Patch Your Wi-Fi Now!

Build Better Vulnerability Management with Threat and Vulnerability Intelligence

Jul 15, 2024 By Corey Tomlinson In Nucleus

The goal of every vulnerability management program is to reduce the risk posed by vulnerabilities that exist in the organization’s environments. You can achieve this goal in two ways. The first is to move faster, remediating vulnerabilities faster than they can arise. The problem with this approach is that it doesn’t work. It is inefficient, expensive, and impractical. There are simply too many vulnerabilities.

Read Post

Nucleus

Read more about Build Better Vulnerability Management with Threat and Vulnerability Intelligence

The Ultimate Guide to Finding the Best Open Source Packages

Jul 15, 2024 By Snyk In Snyk

Struggling to find the right open source package for your project? don't worry! After watching this video, you'll have a foolproof way to evaluate and choose the best ones with ease! Resources Chapters About Snyk Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.

View Video

Snyk

Read more about The Ultimate Guide to Finding the Best Open Source Packages

Best Practices for Supply Chain Security in Response to Polyfill.io Attack

Jul 14, 2024 By Snyk In Snyk

Watch the full video for more... About Snyk Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure. Connect with Us Hashtags.

View Video

Snyk

Read more about Best Practices for Supply Chain Security in Response to Polyfill.io Attack

How to Address the Supply Chain Attack on the Polyfill.io Service

Jul 13, 2024 By Snyk In Snyk

Watch the full video for more... About Snyk Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure. Connect with Us Hashtags.

View Video

Snyk

Read more about How to Address the Supply Chain Attack on the Polyfill.io Service

Supply Chain Attack on the Polyfill.io Service

Jul 12, 2024 By Snyk In Snyk

Watch the full video for more... About Snyk Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure. Connect with Us Hashtags.

View Video

Snyk

Read more about Supply Chain Attack on the Polyfill.io Service

How to secure an S3 bucket on AWS?

Jul 12, 2024 By Liran Tal In Snyk

Amazon Web Services (AWS) Simple Storage Service (S3) has become a cornerstone in the world of cloud storage. It offers scalability, high availability, and performance, making it a go-to choice for businesses of all sizes. However, as with any cloud service, security is paramount. This is where the question of "how to secure an S3 bucket" comes into play. Securing your S3 buckets is not just about protecting your data from unauthorized access.

Read Post