Web cache poisoning is a cyber attack that wreaks havoc on unsuspecting websites. It exploits vulnerabilities by caching mechanisms that web servers, proxies, and content delivery networks (CDNs) use, compromising data integrity. Malicious actors can use cache poisoning to deliver malicious payloads, tamper with sensitive information, or redirect users to fraudulent websites. In this article, we’ll comprehensively explore web cache poisoning attacks and how they work.
In the tech security scene, we’re always on the lookout for new vulnerabilities, especially when they are already exploited in the wild. The latest zero-day CVE-2023-20269 is hitting Cisco’s Adaptive Security Appliance VPN features. The attack surface scan conducted by IONIX research on a sample of organizations indicates that 13% of these appliances are potentially vulnerable through at least one interface.
Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API7:2023 Server Side Request Forgery (SSRF). In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.
When scanning packages, CVE (Common Vulnerabilities and Exposures) scanners can find thousands of vulnerabilities. This leaves developers with the painstaking task of sifting through long lists of vulnerabilities to identify the relevance of each, only to find that many vulnerabilities don’t affect their artifacts at all.
Welcome to our cheat sheet covering the OWASP Top 10 for LLMs. If you haven’t heard of the OWASP Top 10 before, it’s probably most well known for its web application security edition. The OWASP Top 10 is a widely recognized and influential document published by OWASP focused on improving the security of software and web applications. OWASP has created other top 10 lists (Snyk has some too, as well as a hands-on learning path), most notably for web applications.
Two new local privilege escalation vulnerabilities were recently discovered in Ubuntu: CVE-2023-2640 (CVSS 7.8) and CVE-2023-32629 (CVSS 7.8). The vulnerabilities, dubbed GameOver(lay), affect the OverlayFS module in multiple Ubuntu kernels. Ubuntu’s official security bulletin here and here outlines the impacted versions by both CVEs. It’s important to note that CrowdStrike Falcon® Cloud Security protects against both vulnerabilities.
Vulnerability scanning plays a crucial role in safeguarding applications and systems. By utilizing advanced software tools, it detects weaknesses or ‘vulnerabilities’ in computer systems that could be exploited by malicious individuals to compromise the system or steal valuable data.
