%term

MSHTML RCE Exploited CVE-2021-40444

Sep 9, 2021 By Cyberint Research In Cyberint

Details of a high severity remote code execution (RCE) vulnerability in Microsoft's proprietary browser engine 'MSHTML', also known as 'Trident', were released by Microsoft on September 7, 2021, and promptly followed by reports of active exploitation in the wild.

Read Post

Cyberint

Read more about MSHTML RCE Exploited CVE-2021-40444

Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling

Sep 7, 2021 By Ori Hollander and Or Peles In JFrog

JFrog Security research teams are constantly looking for new and previously unknown vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a potentially critical vulnerability in HAProxy, a widely used open-source load balancer proxy server that is particularly suited for very high traffic web sites and used by many leading companies.

Read Post

JFrog

Read more about Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling

Atlassian Confluence Server OGNL Injection (CVE-2021-26084)

Sep 5, 2021 By Cyberint Research In Cyberint

CVE-2021-26084, a critical vulnerability (CVSS score 9.8) in Atlassian Confluence Server and Confluence Data Center, is currently being actively and widely exploited by threat actors.

Read Post

Cyberint

Read more about Atlassian Confluence Server OGNL Injection (CVE-2021-26084)

Risk Mitigation Strategies for Tcp/IP Vulnerabilities in OT

Sep 4, 2021 By JFrog In JFrog

JFrog in collaboration with Forescout Research Labs recently released the fourth study from Project Memoria - the industry’s most comprehensive study of TCP/IP vulnerabilities. INFRA:HALT covers 14 vulnerabilities affecting the popular closed source TCP/IP stack NicheStack. These vulnerabilities can cause Denial of Service or Remote Code Execution, allowing attackers to take targeted OT and ICS devices offline or take control of them.

View Video

JFrog

Read more about Risk Mitigation Strategies for Tcp/IP Vulnerabilities in OT

Why is AT&T adding Web Application Shielding to its Managed Vulnerability Program?

Sep 2, 2021 By James Carrigan Jr. In AT&T Cybersecurity

Cybercriminals never sleep. Why? They're too busy looking for application vulnerabilities. In the world of cybercrime, a flawed application is a potential goldmine for them, but an onramp to disaster for most organizations.

Read Post

AT&T Cybersecurity

Read more about Why is AT&T adding Web Application Shielding to its Managed Vulnerability Program?

Snyk Code support for PHP vulnerability scanning enters beta

Sep 2, 2021 By DeveloperSteve In Snyk

Snyk Code support for PHP vulnerability scanning is now available in beta. Now security issues in PHP code can be identified quickly and easily. To get started, log into Snyk or sign up for a free account. Once logged in on the dashboard, click on the Add Project button in the top right corner and connect to a repository you want to scan.

Read Post

Snyk

Read more about Snyk Code support for PHP vulnerability scanning enters beta

Detection and response for the actively exploited ProxyShell vulnerabilities

Aug 25, 2021 By Elastic Security Intelligence & Analytics Team In Elastic

On August 21, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released an urgent notice related to the exploitation of ProxyShell vulnerabilities ( CVE-2021-31207 , CVE-2021-34473 , CVE-2021-34523 ). By chaining these vulnerabilities together, threat actors are compromising unpatched Microsoft Exchange servers and gaining footholds into enterprise networks.

Read Post

Elastic

Read more about Detection and response for the actively exploited ProxyShell vulnerabilities

Joint PCI security and CSA guidance on scoping cloud environments

Aug 24, 2021 By Sergio Loureiro In Outpost 24

As organizations move their infrastructure to the cloud, payment data are being exposed unknowingly leading to high profile data breaches. Find out how the new guidance from PCI Security Standards Council (PCI SSC) and Cloud Security Alliance (CSA) can help protect your cardholder data in the cloud.

Read Post

Outpost 24

Read more about Joint PCI security and CSA guidance on scoping cloud environments

Vulnerability Management: Process, Life Cycle, and Best Practices

Aug 24, 2021 By Emily Heaslip In Nightfall

Vulnerability management is a full-time occupation. This cybersecurity function is iterative and involves constant monitoring, documentation, and review. From updating your software to recording new patches, vulnerability management is a constant process that benefits from automated tools like Nightfall . Here’s how vulnerability management works, the ins and outs of the vulnerability management life cycle, and best practices to implement at your organization.

Read Post

Nightfall

Read more about Vulnerability Management: Process, Life Cycle, and Best Practices

How Snyk Social Trends help you fix essential security vulnerabilities

Aug 18, 2021 By Brian Vermeer In Snyk

Recently, Snyk added Social Trends to its vulnerability data . This new indicator shows you what vulnerabilities are trending so you can better prioritize remediation. Our research team found out that there is a strong correlation between socially trending vulnerabilities and the existence of exploits that can actually harm your application.

Read Post