%term

5 Common Vulnerabilities Associated With Remote Access

Apr 24, 2023 By Kaitlyn Graham In BitSight

After COVID, enterprise IT security got turned on its head. As the world adjusted to working from home, and continues to, IT teams worked overtime to enable remote access for millions of employees. This transition has gone smoothly for most organizations, but many security gaps still remain years later. The SolarWinds data breach is a worrying example. It shows how vulnerable organizations are to malicious activity in our changing risk environment.

Read Post

BitSight

Read more about 5 Common Vulnerabilities Associated With Remote Access

Code Intelligence Finds Vulnerability in MySQL JDBC Driver - CVE-2023-21971

Apr 21, 2023 By Code Intelligence In Code Intelligence

Affected applications are at a higher risk of severe availability issues.

Read Post

Code Intelligence

Read more about Code Intelligence Finds Vulnerability in MySQL JDBC Driver - CVE-2023-21971

HTML Smuggling - An Old Technique with New Tricks

Apr 21, 2023 By Foresiet In Foresiet

Since the inception of the internet and the World Wide Web (WWW), HTML has been a fundamental part of digital communication, enabling document exchange services between various devices on the network. Developed by Tim Berners-Lee, the father of the WWW, in 1993, the markup language is still used to display documents on web browsers today.

Read Post

Foresiet

Read more about HTML Smuggling - An Old Technique with New Tricks

Critical Remote Code Execution Vulnerability in VMware Aria Operations for Logs: CVE-2023-20864

Apr 21, 2023 By Steven Campbell In Arctic Wolf

On Thursday, April 20, 2023, VMware disclosed a critical deserialization vulnerability (CVE-2023-20864) in VMware Aria Operations for Logs—formerly known as vRealize Log Insight—that could result in unauthenticated remote code execution (RCE) as root. The vulnerability was responsibly disclosed to VMware through the Zero Day Initiative and has not been actively exploited in campaigns. Furthermore, we have not identified a public proof of concept (PoC) exploit for CVE-2023-20864.

Read Post

Arctic Wolf

Read more about Critical Remote Code Execution Vulnerability in VMware Aria Operations for Logs: CVE-2023-20864

A CISOs Guide To The New 2023 OWASP API Security Update

Apr 20, 2023 By Wallarm In Wallarm

The OWASP API Security Project team recently posted the Top-10 API risks Release Candidate (RC) for 2023. Last updated in 2019, this new version is designed to help organizations understand the top threats against APIs and how to secure them. In this webinar, we will dig into the OWASP API Security Top-10 2023RC and discuss: We will share some of our data-driven insights, derived from our quarterly API ThreatStats(tm) Reports, and show how you can protect your APIs in real-time from the most impactful API threats.

View Video

Wallarm

Read more about A CISOs Guide To The New 2023 OWASP API Security Update

A Practitioner's Guide to the New 2023 OWASP API Security Update

Apr 20, 2023 By Wallarm In Wallarm

The OWASP API Security Top-10 risks Release Candidate (RC) is now out for comment. This new version is designed to update your understanding of the top threats against APIs and how to secure them. In this deep-dive webinar, we will dig into each of the OWASP API Security Top-10 2023 RC risks and discuss: The focus of this 2nd webinar in the series will be on what practitioners – builders, breakers, defenders, and DevSecOps – need to know to better protect their APIs.

View Video

Wallarm

Read more about A Practitioner's Guide to the New 2023 OWASP API Security Update

4 best practices for cultivating developer security adoption

Apr 20, 2023 By Erin Cullen In Snyk

Implementing adequate software supply chain security is a challenging feat in 2023. Attackers are becoming more sophisticated, and the growing complexity of modern applications makes them difficult to defend. We’re talking microservices, multi-cloud environments, and complex workflows — all moving at the speed of business. To address these challenges, the Snyk team organized two roundtable discussions, one held in North America and the other in EMEA.

Read Post

Snyk

Read more about 4 best practices for cultivating developer security adoption

CVE-2023-27350: Exploitation of Critical RCE Vulnerability in PaperCut Print Management Server

Apr 20, 2023 By Steven Campbell In Arctic Wolf

On April 19, 2023, PaperCut confirmed print management servers vulnerable to a critical remote code execution vulnerability (CVE-2023-27350: CVSS 9.8) are being actively exploited by threat actors. CVE-2023-27350 could allow unauthenticated threat actors to bypass authentication and execute arbitrary code in the context of SYSTEM on a PaperCut Application Server. Zero Day Initiative responsibly disclosed the vulnerability to PaperCut on January 10, 2023; PaperCut released a patch on March 8, 2023.

Read Post

Arctic Wolf

Read more about CVE-2023-27350: Exploitation of Critical RCE Vulnerability in PaperCut Print Management Server

Remediate Zero Day Events with Third-Party Vulnerability Detection & Response

Apr 20, 2023 By Sabrina Pagnotta In BitSight

When a major security event like SolarWinds or Log4j happens, how do you assess the impact across your third-party supply chain? Most organizations struggle to effectively react to zero day attacks and other critical vulnerabilities at scale, often following manual and cumbersome workflows. But our latest capability is here to change that.

Read Post

BitSight

Read more about Remediate Zero Day Events with Third-Party Vulnerability Detection & Response

New Vulnerability in MySQL JDBC Driver: RCE and Unauthorized DB Access

Apr 20, 2023 By Roman Wagner In Code Intelligence

We have found a new vulnerability in MySQL Connector/J (CVE-2023-21971). Oracle issued a critical path update that fixed the issue on April 18, 2023. The vulnerability was found as part of our collaboration with Google’s OSS-Fuzz.

Read Post