
New Vulnerability in protobuf.js: Prototype Pollution - CVE-2023-36665

We have found a new Prototype Pollution vulnerability in protobufjs (CVE-2023-36665). The maintainer of protobufjs has issued an update that fixed the issue on 27 June 2023. The vulnerability was discovered by Peter Samarin using Jazzer.js with our newly integrated Prototype Pollution bug detector. This finding emerged in part from our collaboration with Google's OSS-Fuzz and puts affected applications at risk of remote code execution and denial of service attacks.

What the Financial Sector Needs Now: Risk-Based Vulnerability Management

According to the Verizon 2023 Data Breach Investigations Report, basic web application attacks, which consist largely of leveraging vulnerabilities and stolen credentials to get access to an organization’s assets, are the most prevalent pattern of attack against the financial services sector.

What is Vulnerability Testing? Benefits, Tools, and Process

Software vulnerabilities are the most significant security risks organizations face today, and several critical vulnerabilities have been identified in 2023, including Apache Superset, Papercut, and MOVEit SQL Injection vulnerabilities. In the first quarter of 2023, AppTrana detected 24,000 vulnerabilities across 1,400+ sites.

Jackson National Life Insurance is Another Major Company Hit by MOVEit Data Breaches

Jackson National Life Insurance is based in Lansing, Michigan, and was founded in 1961. This insurance and annuities company offers retail brokerage and asset management services to its customers. Nearly 3,000 people are employed by the company, and it has an annual revenue of $14.4 billion. This large-scale insurance company is just one of the many organizations recently hurt by the MOVEit file transfer service breaches.

Bugged by vulnerabilities? This is what you need

Twenty-five percent: Any idea what this percentage is referring to? Let’s take some wild guesses: A five-year CAGR of your investments? Your yearly salary hike? If any of your guesses were remotely close to these happy responses, we’re sorry to break your heart! This percentage depicts the rise in the number of identified vulnerabilities in 2022 over the previous year. 2022 saw an alarming spike of 25% in identified vulnerabilities, the count rising to 25,227 from 20,171 previously.

Building a security-conscious CI/CD pipeline

Continuous integration (CI) and continuous delivery (CD) have become a ubiquitous practice for DevOps teams. The CI/CD process focuses on building and deploying new applications or releasing updates to already-deployed workloads. As a result, most CI/CD efforts focus on increasing development speed. However, CI/CD practices can accomplish much more than enabling workload deployments.

The importance of verifying webhook signatures

Webhooks are a callback integration technique for sending and receiving information, such as event notifications, in close to real-time. Webhooks can be triggered by application events and transmit data over HTTP to another application or third-party API. You can configure a webhook URL and connect external participants to customize, extend, or modify workflows. Webhooks may or may not be signed.

The Nasty MOVEit Zero-Day Vulnerability: How to Respond

The zero-day vulnerability in Progress Software's MOVEit Transfer product is being exploited by the Clop ransomware gang and other copycat cybercriminal groups to expedite the theft of sensitive data from customer databases. To protect your organization from compromise, follow the recommended response actions in this blog.

MOVEit mayhem: Attackers found, patch released, but no end in sight

The entire cybersecurity realm is buzzing over zero-day vulnerabilities and SQL injection attacks owing to the MOVEit Transfer MFT breach. In case you missed it, here’s the back story, timeline of events, and latest updates. On May 31, 2023, Progress Software rolled out security patches for the recently discovered SQL injection vulnerability in their file sharing application, MOVEit Transfer.