%term

JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP - A Popular Multimedia Library

Mar 1, 2022 By Uriya Yavniely In JFrog

JFrog’s Security Research team is constantly looking for new and previously unknown security vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered 5 security vulnerabilities in PJSIP, a widely used open-source multimedia communication library developed by Teluu. By triggering these newly discovered vulnerabilities, an attacker can cause arbitrary code execution in the application that uses the PJSIP library.

Read Post

JFrog

Read more about JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP - A Popular Multimedia Library

Feroot Security Raises $11 Million to Protect Against Website App Vulnerabilities

Feb 28, 2022 By Feroot In Feroot

Seed Funding Round Led by Silicon Valley Venture Capital Firm True Ventures.

Read Post

Feroot

Read more about Feroot Security Raises $11 Million to Protect Against Website App Vulnerabilities

How to secure web apps continuously with Pen Testing as a Service

Feb 28, 2022 By Outpost 24 In Outpost 24

Web applications are continuously evolving due to the hypo-velocity of code changes and stream of new features and functionality leaving businesses exposed to application security risks. A new wave of automated pen testing conducted through a software as a service delivery model can help reduce this risk by providing automated vulnerability findings in real time.

Read Post

Outpost 24

Read more about How to secure web apps continuously with Pen Testing as a Service

Log4j: Separating the exploits from the noise

Feb 28, 2022 By Corelight In Corelight

Attackers have already found thousands of potential ways to obfuscate their log4j attacks, which are sweeping the Internet at breakneck speed. SOCs protecting still-vulnerable assets have a duty to chase down every alert for it that pops up - which are coming in at a rate of tens or hundreds of thousands of times a day for larger enterprises. This webcast will covers how a data-driven strategy can automate that insurmountable task into a process that quickly reveals systems that actually responded to the attack - letting teams focus on the alerts that matter the most.

View Video

Corelight

Read more about Log4j: Separating the exploits from the noise

Critical Vulnerability in the SAP Internet Communication Manager Component Could Lead to Full System Takeover, Patch Available

Feb 28, 2022 By Sule Tatar In Arctic Wolf

On Tuesday, February 8, 2022, SAP patched a critical memory corruption vulnerability (CVE-2022-22536) in the SAP Internet Communication Manager (ICM) component that could lead to full system takeover without authentication or user interaction. The ICM component is present in most SAP products and is an important component in SAP NetWeaver application servers.

Read Post

Arctic Wolf

Read more about Critical Vulnerability in the SAP Internet Communication Manager Component Could Lead to Full System Takeover, Patch Available

Solving the CVE puzzle with MITRE ATT&CK and threat intel

Feb 25, 2022 By Simon Roe In Outpost 24

To threat actors, infiltrating an organisation's infrastructure is like a cryptic puzzle they must solve as they seek out vulnerabilities to exploit. By evolving their tactics and techniques, completing the puzzle becomes easier and so does finding common vulnerabilities and exposures (CVEs) to target. As a result, there is a greater call for security teams to go the extra mile with vulnerability remediation efforts by combining threat intelligence with CVE findings and the guidance provided by the MITRE ATT&CK framework to zoom in on the riskiest vulnerabilities.

Read Post

Outpost 24

Read more about Solving the CVE puzzle with MITRE ATT&CK and threat intel

Magento security requires additional patch to fix sanitization vulnerability

Feb 24, 2022 By DeveloperSteve In Snyk

As technology folks, we are often under a lot of pressure to fix some deployed code, update an infrastructure component, or patch some code. Often it’s with little notice and needs to be done 5 minutes ago. The gamble with any “zero turnaround” is the rush to fix now vs. taking the time to test and check.

Read Post

Snyk

Read more about Magento security requires additional patch to fix sanitization vulnerability

CrowdStrike Automates Vulnerability Remediation Processes While Enhancing SecOps Visibility

Feb 23, 2022 By Alyssa Ideboen In CrowdStrike

Adversaries are becoming more adept and sophisticated in their attacks. Taking advantage of vulnerabilities present in major software is often an attractive entry point for establishing a campaign within an enterprise environment. The CrowdStrike 2022 Global Threat Report highlights how adversaries continue to shift tradecraft and weaponize vulnerabilities to evade detection and gain access to critical applications and infrastructure.

Read Post

CrowdStrike

Read more about CrowdStrike Automates Vulnerability Remediation Processes While Enhancing SecOps Visibility

OWASP Top 10: API Security Threats

Feb 22, 2022 By Indusface In Indusface

It’s no secret that APIs are under attack. Companies are struggling to keep their APIs safe and secure from accidental breaches to malicious hacks. The problem will only worsen as APIs become more complex and more companies rely on them for critical business functions. The security risks increase exponentially. About Indusface: Indusface is a SaaS company that secures critical Web applications of 2000+ global customers using its award-winning platform that integrates Web application scanner, Web application firewall, CDN, and threat information engine.

View Video

Indusface

Read more about OWASP Top 10: API Security Threats

4 Best Practices to Reduce Zero Day Exploits

Feb 22, 2022 By Indusface In Indusface

As cybercrime is rising by the hour, security is a huge concern for everyone today. One of the most effective ways to protect the systems from being hacked is detecting and fixing the vulnerabilities. However, now attackers began to take advantage of security flaws known only to them. Zero-day exploits are very difficult to prepare for as they’re quite unpredictable.

View Video