Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A Deep Dive into the Exploit Prediction Scoring System EPSS

Sep 27, 2023 By Nucleus In Nucleus
The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. EPSS’s goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data.
View Video
Arctic Wolf

CVE-2023-42793: Critical RCE Vulnerability in TeamCity On-Premises

Sep 26, 2023 By Andres Ramos In Arctic Wolf
On September 20, 2023, JetBrains published a blog detailing a critical Remote Code Execution (RCE) vulnerability that was identified in TeamCity On-Premises (CVE-2023-42793). This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 and can allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform RCE. All versions of TeamCity On-Premises are affected by this vulnerability.
Read Post
Snyk

Signing container images: Comparing Sigstore, Notary, and Docker Content Trust

Sep 26, 2023 By Hrittik Roy In Snyk

In the modern software ecosystem, containerization has become a popular method for packaging and deploying applications. Alongside this growing trend, ensuring the security of software supply chains has become a critical concern for businesses of all sizes. Implementing best practices, such as signing and verifying images to mitigate man-in-the-middle (MITM) attacks and validating their authenticity and freshness, play a pivotal role in safeguarding the integrity of the software supply chain.

Read Post
idstrong

Delta Dental of California is Another Victim in the String of MOVEit Data Breaches

Sep 26, 2023 By Steven In IDStrong

Delta Dental of California is a major dental insurance provider throughout one of the largest states in the US. The company is well-known for offering PPO dental insurance policies and other varieties of dental insurance options. The company was founded in 1955 and serves millions of Americans throughout nearly all of the 50 states. All California residents using Delta Dental may have been impacted by a recent data breach that could cause real problems for them.

Read Post
Arctic Wolf

CVE-2023-41991, 41992, 41993: Three Actively Exploited Vulnerabilities in Apple Products Fixed

Sep 25, 2023 By Andres Ramos In Arctic Wolf
On September 21, 2023, Apple released emergency security updates to fix three vulnerabilities impacting macOS, iOS, iPadOS, and Safari. Citizen Lab and Google Threat Analysis Group (TAG) observed these three vulnerabilities exploited in an exploit chain against a former Egyptian Member of Parliament to deploy Predator spyware. Predator was developed by Intellexa/Cytrox to perform surveillance on targeted mobile devices.
Read Post
wallarm

2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Sep 23, 2023 By Wallarm In Wallarm

Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post
Spectral

What is the 'Zenbleed' Exploit and 7 Ways to Prevent it Now

Sep 21, 2023 By Eyal Katz In Spectral

In 2018, the discovery of the Meltdown and Spectre CPU vulnerabilities sent shockwaves through the tech industry. These hardware flaws allowed attackers to steal sensitive data like passwords and encryption keys from computers, smartphones, and cloud servers. Now, in 2023, history is unfortunately repeating itself. A new exploit called Zenbleed has emerged, taking advantage of similar speculative execution processes in AMD’s Zen architecture chips.

Read Post
indusface

What is an Authenticated Security Scan, And Why Is It Important?

Sep 21, 2023 By Gaurav Chauhan In Indusface
Many organizations today rely only on “unauthenticated” web application security scans, leaving their admin and user portals unchecked. While it is crucial to protect your system against external automated attacks, you shouldn’t ignore the possibility of a targeted attack from someone with valid logins. If your app lets anyone signup online, it could easily expose your business to attackers.
Read Post
Snyk

Snyk is named a Strong Performer as a first-time entrant in the Forrester Wave: Static Application Security Testing (SAST) Q3 2023

Sep 20, 2023 By Peter McKay In Snyk

In our first year participating in the Forrester Wave™: Static Application Security Testing (SAST) Q3 2023, we’re thrilled that Snyk has been recognized as a Strong Performer in a mature, yet evolving, enterprise software security category. Snyk is disrupting the SAST market with a developer-first approach to application security, illustrated by our position in strategy and market presence in the evaluation.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.