Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

Lessons learned from the Argo CD zero-day vulnerability (CVE-2022-24348)

Feb 10, 2022 By Eric Smalling In Snyk

On January 30, 2022, , the Argo CD team was contacted by researchers at Apiiro regarding a vulnerability they had discovered in the popular continuous delivery platform that could allow bad actors to steal sensitive information from deployments. The Argo CD team was able to quickly develop fixes for all three of their currently supported releases and publish them to their users within 48 hours.

Read Post
Forward Networks

Log4Shell Peace of Mind in Minutes, Not Weeks

Feb 9, 2022 By Forward Networks In Forward Networks

Discovered on December 9, 2021, the log4Shell vulnerability is one of the most talked-about vulnerabilities in computing. Because simple text can be used to take control of a device and download anything that is Internet-accessible, companies are taking it seriously. As they should – log4Shell has the maximum CVSS score of 10 (CVSS, Common Vulnerability Scoring System, is an industry-standard for ranking vulnerabilities).

Read Post

How to Use the Snyk CLI to Fix Vulnerabilities in Your Application: The Big Fix

Feb 8, 2022 By Snyk In Snyk
Brian Vermeer, Developer Advocate at Snyk, demonstrates how you can use the Snyk CLI to fix vulnerabilities in your application. Join us for The Big Fix, an event that brings developers and security practitioners round the world to find and fix vulnerabilities. Let's make the Internet a safer and better place than before!
View Video
Trustwave

From Stored XSS to Code Execution using SocEng, BeEF and elFinder CVE-2021-45919

Feb 8, 2022 By Trustwave In Trustwave

A stored cross-site scripting vulnerability, tracked as CVE-2021-45919, was identified in elFinder File Manager. The vulnerability can result in the theft of user credentials, tokens, and the ability to execute malicious JavaScript in the user's browser. Any organization utilizing an out-of-date elFinder component on its web application could be affected.

Read Post
jfrog

CVE-2021-44142: Critical Samba Vulnerability Allows Remote Code Execution

Feb 8, 2022 By Itay Vaknin, Brian Moussalli In JFrog

Recently, a critical out-of-bounds vulnerability, assigned to CVE-2021-44142, was disclosed in Samba versions prior to 4.13.17. The Samba vulnerability carries a critical CVSS of 9.9 and allows attackers to remotely execute code on machines running a Samba server with a vulnerable configuration. The vulnerability was disclosed as part of the Pwn2Own Austin competition where researchers are challenged to exploit widely-used software and devices with unknown vulnerabilities.

Read Post

New Year, New Features in Xray

Feb 8, 2022 By JFrog In JFrog
Let’s start 2022 off the right with new features and updates that will extend JFrog Xray’s power and reach in addressing challenges with securing your binaries from development to production. Join Sarit Tager, VP Product Security as she discusses how Xray provides intelligent supply chain security and compliance at DevOps speed. JFrog Xray is a software composition analysis (SCA) solution that scans your open source software (OSS) dependencies for security vulnerabilities and license compliance issues.
View Video
Feroot

How to Protect the Software Supply Chain from Vulnerable Third-Party Code

Feb 8, 2022 By Ivan Tsarynny In Feroot

What happens when the software, scripts and code snippets that your business uses on your website and network have been compromised at the source? The compromise could be unintentional—perhaps the coders simply made a mistake. Or the compromise could be intentional—maybe hackers wrote a malicious script and promoted it as legitimate on a third-party library source to encourage users to download and install.

Read Post

Triaging vulnerabilities - the way it ought to be

Feb 7, 2022 By Snyk In Snyk
We all know that shifting security left is the right approach for securing our apps. We also know that it isn’t enough - developers also need to be empowered to own security. They require tools that integrate into the way they are already working and they need guidance and assistance from the security team. This is especially true for the most challenging vulnerabilities of all: those that are not so easy to fix, but too important to ignore.
View Video

What Is Penetration Testing? Benefits And Pen Testing Vulnerabilities

Feb 6, 2022 By Cyphere In Cyphere
Penetration testing is a way to test the security of your network by simulating an attack on it. This video explains what penetration testing is, why you should use it, and how to find out if your company needs one.#penetrationtesting #pentesting #pentests Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.
View Video
armo

CVE 2022-24348 - Argo CD High Severity Vulnerability and its impact on Kubernetes

Feb 6, 2022 By Amir Kaushansky In ARMO

Researcher Moshe Zioni from Apiiro, discovered a major software supply chain critical vulnerability - CVE-2022-24348 - in the popular open-source CD platform Argo CD. Exploiting it enables attackers to obtain sensitive information like credentials, secrets, API keys from other applications. This in turn can lead to privilege escalation, lateral movements, and information disclosure.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.