%term

Introducing SwyftComply - Get Clean, Zero-Vulnerability Report in 72 Hours

Jan 24, 2024 By Indusface In Indusface

SOC 2, ISO270001, PCI, and other regional laws require you to have a clean, zero-vulnerability report. That said, even critical vulnerabilities take 250+ days to patch, especially when these exist in third-party plug-ins, open-source libraries, or legacy code. Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month.

View Video

Indusface

Read more about Introducing SwyftComply - Get Clean, Zero-Vulnerability Report in 72 Hours

How Cloudflare's AI WAF proactively detected the Ivanti Connect Secure critical zero-day vulnerability

Jan 23, 2024 By Himanshu Anand In Cloudflare

Most WAF providers rely on reactive methods, responding to vulnerabilities after they have been discovered and exploited. However, we believe in proactively addressing potential risks, and using AI to achieve this. Today we are sharing a recent example of a critical vulnerability (CVE-2023-46805 and CVE-2024-21887) and how Cloudflare's Attack Score powered by AI, and Emergency Rules in the WAF have countered this threat.

Read Post

Cloudflare

Read more about How Cloudflare's AI WAF proactively detected the Ivanti Connect Secure critical zero-day vulnerability

Overcoming CVE Shock with Effective Kubernetes Vulnerability Scanning

Jan 23, 2024 By Oshrat Nir In ARMO

ARMO’s new feature revolutionizes Kubernetes vulnerability scanning based on eBPF technology to help Kubernetes and DevSecOps practitioners focus on fixing the vulnerabilities that impact their security posture the most.

Read Post

ARMO

Read more about Overcoming CVE Shock with Effective Kubernetes Vulnerability Scanning

CVE-2023-6548 & CVE-2023-6549: DoS and RCE Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway

Jan 22, 2024 By Andres Ramos In Arctic Wolf

On January 16, 2024, Citrix published a security bulletin disclosing two zero-day vulnerabilities (CVE-2023-6548 & CVE-2023-6549) being actively exploited in Citrix NetScaler ADC and NetScaler Gateway.

Read Post

Arctic Wolf

Read more about CVE-2023-6548 & CVE-2023-6549: DoS and RCE Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway

A Step-by-step Guide to URL Verification in Indusface WAS

Jan 22, 2024 By Anish Srinivasrao Kancharla In Indusface

To initiate an Indusface WAS vulnerability scan on your URL, confirming ownership of the URL or domain being scanned is essential. This verification is an additional security measure to prevent unauthorized users from conducting scans on your URL or domain and revealing potential vulnerabilities. There are 3 different methods to verify your URL.

Read Post

Indusface

Read more about A Step-by-step Guide to URL Verification in Indusface WAS

CSRF Vulnerability Discovered In VikRentcar WordPress Plugin 1.3.1

Jan 22, 2024 By Nivedita James Palatty In Astra

VikRentCar is a popular car rental management system that is also available as a WordPress plugin. The plugin provides a hassle-free and reliable rent reservation system for cars, scooters, motorbikes, boats, and any other vehicles.

Read Post

Astra

Read more about CSRF Vulnerability Discovered In VikRentcar WordPress Plugin 1.3.1

3 tips from Snyk and Dynatrace's AI security experts

Jan 22, 2024 By Sarah Conway In Snyk

McKinsey is calling 2023 “generative AI’s breakout year.” In one of their recent surveys, a third of respondents reported their organizations use GenAI regularly in at least one business function. But as advancements in AI continue to reshape the tech landscape, many CCISOs are left grappling with this question: How does AI impact software development cycles and the overall security of business applications?

Read Post

Snyk

Read more about 3 tips from Snyk and Dynatrace's AI security experts

CVE-2024-21591: Critical Junos OS Vulnerability Could lead to Unauthenticated Remote Code Execution

Jan 22, 2024 By Steven Campbell In Arctic Wolf

On January 10, 2024, Juniper Networks released patches to remediate a critical vulnerability (CVE-2024-21591) in Junos SRX and EX series devices. CVE-2024-21591 could allow a threat actor to cause a denial of service (DoS) or achieve unauthenticated remote code execution (RCE) with root privileges. The vulnerability impacts the J-Web component of Junos OS, the operating system running on the devices. The vulnerability was discovered during external security research.

Read Post

Arctic Wolf

Read more about CVE-2024-21591: Critical Junos OS Vulnerability Could lead to Unauthenticated Remote Code Execution

Two Zero-Day Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway

Jan 19, 2024 By George Glass In Kroll

Two vulnerabilities have been detected in in Citrix NetScaler ADC and NetScaler Gateway. These vulnerabilities are being tracked as CVE-2023-6549 and CVE-2023-6548 with CVSS scores of 8.2 and 5.5 respectively. They are under active exploitation, affecting the following product versions.

Read Post

Kroll

Read more about Two Zero-Day Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway

How Jaguar Land Rover and Asda are Building a Modern DevSecOps Culture

Jan 19, 2024 By Snyk In Snyk

Organizations at different stages of growth or maturity will have different challenges when adopting a modern DevSecOps program. In this session we talked with Mike Welsh, Lead Enterprise Security Architect DevSecOps, at JLR, and Ruta Baltiejute, DevSecOps Lead at Asda, about their differing approach to implementing a secure development model at their organizations. We discussed the significant differences between how they’re building software today, including their approach to change in People, Process and Tooling.

View Video