%term

Overcoming CVE Shock with Effective Kubernetes Vulnerability Scanning

Jan 23, 2024 By Oshrat Nir In ARMO

ARMO’s new feature revolutionizes Kubernetes vulnerability scanning based on eBPF technology to help Kubernetes and DevSecOps practitioners focus on fixing the vulnerabilities that impact their security posture the most.

Read Post

ARMO

Read more about Overcoming CVE Shock with Effective Kubernetes Vulnerability Scanning

CSRF Vulnerability Discovered In VikRentcar WordPress Plugin 1.3.1

Jan 22, 2024 By Nivedita James Palatty In Astra

VikRentCar is a popular car rental management system that is also available as a WordPress plugin. The plugin provides a hassle-free and reliable rent reservation system for cars, scooters, motorbikes, boats, and any other vehicles.

Read Post

Astra

Read more about CSRF Vulnerability Discovered In VikRentcar WordPress Plugin 1.3.1

3 tips from Snyk and Dynatrace's AI security experts

Jan 22, 2024 By Sarah Conway In Snyk

McKinsey is calling 2023 “generative AI’s breakout year.” In one of their recent surveys, a third of respondents reported their organizations use GenAI regularly in at least one business function. But as advancements in AI continue to reshape the tech landscape, many CCISOs are left grappling with this question: How does AI impact software development cycles and the overall security of business applications?

Read Post

Snyk

Read more about 3 tips from Snyk and Dynatrace's AI security experts

CVE-2024-21591: Critical Junos OS Vulnerability Could lead to Unauthenticated Remote Code Execution

Jan 22, 2024 By Steven Campbell In Arctic Wolf

On January 10, 2024, Juniper Networks released patches to remediate a critical vulnerability (CVE-2024-21591) in Junos SRX and EX series devices. CVE-2024-21591 could allow a threat actor to cause a denial of service (DoS) or achieve unauthenticated remote code execution (RCE) with root privileges. The vulnerability impacts the J-Web component of Junos OS, the operating system running on the devices. The vulnerability was discovered during external security research.

Read Post

Arctic Wolf

Read more about CVE-2024-21591: Critical Junos OS Vulnerability Could lead to Unauthenticated Remote Code Execution

CVE-2023-6548 & CVE-2023-6549: DoS and RCE Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway

Jan 22, 2024 By Andres Ramos In Arctic Wolf

On January 16, 2024, Citrix published a security bulletin disclosing two zero-day vulnerabilities (CVE-2023-6548 & CVE-2023-6549) being actively exploited in Citrix NetScaler ADC and NetScaler Gateway.

Read Post

Arctic Wolf

Read more about CVE-2023-6548 & CVE-2023-6549: DoS and RCE Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway

A Step-by-step Guide to URL Verification in Indusface WAS

Jan 22, 2024 By Anish Srinivasrao Kancharla In Indusface

To initiate an Indusface WAS vulnerability scan on your URL, confirming ownership of the URL or domain being scanned is essential. This verification is an additional security measure to prevent unauthorized users from conducting scans on your URL or domain and revealing potential vulnerabilities. There are 3 different methods to verify your URL.

Read Post

Indusface

Read more about A Step-by-step Guide to URL Verification in Indusface WAS

Two Zero-Day Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway

Jan 19, 2024 By George Glass In Kroll

Two vulnerabilities have been detected in in Citrix NetScaler ADC and NetScaler Gateway. These vulnerabilities are being tracked as CVE-2023-6549 and CVE-2023-6548 with CVSS scores of 8.2 and 5.5 respectively. They are under active exploitation, affecting the following product versions.

Read Post

Kroll

Read more about Two Zero-Day Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway

How Jaguar Land Rover and Asda are Building a Modern DevSecOps Culture

Jan 19, 2024 By Snyk In Snyk

Organizations at different stages of growth or maturity will have different challenges when adopting a modern DevSecOps program. In this session we talked with Mike Welsh, Lead Enterprise Security Architect DevSecOps, at JLR, and Ruta Baltiejute, DevSecOps Lead at Asda, about their differing approach to implementing a secure development model at their organizations. We discussed the significant differences between how they’re building software today, including their approach to change in People, Process and Tooling.

View Video

Snyk

Read more about How Jaguar Land Rover and Asda are Building a Modern DevSecOps Culture

How can OWASP MASTG and OWASP MASVS Redefine Your Mobile App Security?

Jan 19, 2024 By Harshit Agarwal In Appknox

The OWASP Mobile Application Security Testing Guide (MASTG) and the OWASP Mobile Application Security Verification Standard (MASVS) are two vital resources that have been instrumental in reshaping the landscape of mobile app security. Developed by cybersecurity experts, the MASTG is an elaborate manual that describes the technicalities for meeting the security requirements listed in the OWASP Mobile Application Security Verification Standard (MASVS).

Read Post

Appknox

Read more about How can OWASP MASTG and OWASP MASVS Redefine Your Mobile App Security?

Mobile Application Security - From Vulnerabilities to Vigilance

Jan 19, 2024 By Harshit Agarwal In Appknox

Your mobile apps are your business's face to the world. As an app creator or business owner, credibility is everything, and security is the cornerstone upon which it stands. Now, with the digital ecosystem being highly susceptible to breaches, even a single slip in security can shatter the trust your users have in your brand, tarnishing the hard-earned credibility of your business. This is why mobile app security is key to your business’s growth.

Read Post