%term

New Year, New Features in Xray

Feb 8, 2022 By JFrog In JFrog

Let’s start 2022 off the right with new features and updates that will extend JFrog Xray’s power and reach in addressing challenges with securing your binaries from development to production. Join Sarit Tager, VP Product Security as she discusses how Xray provides intelligent supply chain security and compliance at DevOps speed. JFrog Xray is a software composition analysis (SCA) solution that scans your open source software (OSS) dependencies for security vulnerabilities and license compliance issues.

View Video

JFrog

Read more about New Year, New Features in Xray

Triaging vulnerabilities - the way it ought to be

Feb 7, 2022 By Snyk In Snyk

We all know that shifting security left is the right approach for securing our apps. We also know that it isn’t enough - developers also need to be empowered to own security. They require tools that integrate into the way they are already working and they need guidance and assistance from the security team. This is especially true for the most challenging vulnerabilities of all: those that are not so easy to fix, but too important to ignore.

View Video

Snyk

Read more about Triaging vulnerabilities - the way it ought to be

What Is Penetration Testing? Benefits And Pen Testing Vulnerabilities

Feb 6, 2022 By Cyphere In Cyphere

Penetration testing is a way to test the security of your network by simulating an attack on it. This video explains what penetration testing is, why you should use it, and how to find out if your company needs one.#penetrationtesting #pentesting #pentests Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.

View Video

Cyphere

Read more about What Is Penetration Testing? Benefits And Pen Testing Vulnerabilities

CVE 2022-24348 - Argo CD High Severity Vulnerability and its impact on Kubernetes

Feb 6, 2022 By Amir Kaushansky In ARMO

Researcher Moshe Zioni from Apiiro, discovered a major software supply chain critical vulnerability - CVE-2022-24348 - in the popular open-source CD platform Argo CD. Exploiting it enables attackers to obtain sensitive information like credentials, secrets, API keys from other applications. This in turn can lead to privilege escalation, lateral movements, and information disclosure.

Read Post

ARMO

Read more about CVE 2022-24348 - Argo CD High Severity Vulnerability and its impact on Kubernetes

How to Protect Cloud Workloads from Zero-day Vulnerabilities

Feb 4, 2022 By John Walker In CrowdStrike

Protecting cloud workloads from zero-day vulnerabilities like Log4Shell is a challenge that every organization faces. When a vulnerability is published, organizations can try to identify impacted artifacts through software composition analysis, but even if they’re able to identify all impacted areas, the patching process can be cumbersome and time-consuming. As we saw with Log4Shell, this can become even more complicated when the vulnerability is nearly ubiquitous.

Read Post

CrowdStrike

Read more about How to Protect Cloud Workloads from Zero-day Vulnerabilities

Log4Shell remediation with Snyk by the numbers

Feb 4, 2022 By Jason Lane In Snyk

We’re almost two months from the disclosure of Log4Shell, and we here at Snyk couldn’t be more excited with the role we’ve gotten to play in finding and fixing this critical vulnerability that’s impacted so many Java shops. For starters, we’ve been able to help our customers remediate Log4Shell 100x faster than the industry average! How have we been able to achieve that?

Read Post

Snyk

Read more about Log4Shell remediation with Snyk by the numbers

ServiceNow - Username Enumeration Vulnerability (CVE-2021-45901)

Feb 4, 2022 By Trustwave In Trustwave

During a recent engagement Trustwave SpiderLabs discovered a vulnerability (CVE-2021-45901) within ServiceNow (Orlando) which allows for a successful username enumeration by using a wordlist. By using an unauthenticated session and navigating to the password reset form, it is possible to infer a valid username. This is achieved through examination of the HTTP POST response data initially triggered by the password reset web form. This response differs depending on a username's existence.

Read Post

Trustwave

Read more about ServiceNow - Username Enumeration Vulnerability (CVE-2021-45901)

Pentest 101: How to Dodge the Directory Traversal Vulnerability

Feb 4, 2022 By Astra In Astra

Directory Traversal might not be considered as a high-impact vulnerability but it can be a stepping stone to information leak and shell upload vulnerability. The lack of directory traversal security can allow an attacker to manipulate the file path to gain unauthorized access to different files in the directory. You need penetration testing to detect the directory traversal vulnerability. This video is a short explanation of how the file traversal vulnerability can be exploited, and how you can avoid it.

View Video

Astra

Read more about Pentest 101: How to Dodge the Directory Traversal Vulnerability

Vulns Unleashed: Pwnkit

Feb 3, 2022 By Snyk In Snyk

Dive in to the Pwnkit privilege escalation vulnerability with Kyle and Brian!

View Video

Snyk

Read more about Vulns Unleashed: Pwnkit

Fun with ciphers in copycat Wordles

Feb 2, 2022 By Micah Silverman In Snyk

Here at Snyk, we spend a lot of time researching vulnerabilities. We do that because there are a lot of other folks out there researching new ways to break into apps and systems. We’re often putting on our “grey hats” to think like a malicious hacker. I regularly view-source, look at network traffic and eyeball query strings. One such delicious little query string caught my attention this week on one of the many copycat Wordle sites.

Read Post