Vulnerability

How CISO's Should Approach Security Vulnerability Risk

Nov 13, 2023 By Nucleus In Nucleus

Patrick Garrity, Security Researcher at Nucleus Security, interviews Aleksandr Yompolski, CEO of Security Scorecard, about the evolving cybersecurity landscape and the role of security ratings and risk assessments. They discuss the challenges organizations face in defending against exploitation attacks, the need for collaboration and communication in the industry, and the importance of balancing security and business agility.

View Video

Nucleus

Read more about How CISO's Should Approach Security Vulnerability Risk

Lessons Learned From 50+ MOVEit Exploit (CVE-2023-34362) Investigations - Full Webinar

Nov 10, 2023 By Kroll In Kroll

In Q2 2023, Kroll reported a notable shift towards increased supply chain risk, largely driven by the CLOP ransomware gang’s exploitation of the MOVEit transfer vulnerability. The MOVEit exploitation rendered even organizations with mature cybersecurity controls helpless and vulnerable to financial and reputational damage. Only a handful were able to detect the exfiltration, and even fewer could handle the consequences once a trusted partner fell victim.

View Video

Kroll

Read more about Lessons Learned From 50+ MOVEit Exploit (CVE-2023-34362) Investigations - Full Webinar

Improper Authorization in Confluence Data Center and Server (CVE-2023-22518)

Nov 10, 2023 By Wallarm In Wallarm

In early November, the cybersecurity community witnessed the exploitation of a zero-day vulnerability in Confluence Data Center and Server. This critical vulnerability was related to Improper Authorization and assigned CVE-2023-22518 identifier. In this blog, we delve into the details of these vulnerabilities, their implications, and the necessary mitigation steps to protect your digital assets.

Read Post

Wallarm

Read more about Improper Authorization in Confluence Data Center and Server (CVE-2023-22518)

Real-time threat protection with Snyk and SentinelOne

Nov 9, 2023 By Shivam Jindal In Snyk

Modern applications are made up of more than first-party code and third-party dependencies. Even a single application links back to a vast ecosystem of cloud environments, containers, third-party base images, and automated container orchestration. Along with the ability to build applications faster, developers also need to secure code and associated dependencies, deployment configuration, and containers running in production.

Read Post

Snyk

Read more about Real-time threat protection with Snyk and SentinelOne

Rego for beginners Part 2: Combining queries with AND/OR and custom messages

Nov 9, 2023 By Jasper Van der Jeugt In Snyk

This blog post series offers a gentle introduction to Rego, the policy language from the creators of the Open Policy Agent (OPA) engine. If you’re a beginner and want to get started with writing Rego policy as code, you’re in the right place. In this three-part series, we’ll go over the following: As a reminder, Rego is a declarative query language from the makers of the Open Policy Agent (OPA) framework.

Read Post

Snyk

Read more about Rego for beginners Part 2: Combining queries with AND/OR and custom messages

Outpost24 adds Threat Explorer to threat intelligence platform for advanced vulnerability intelligence and exposure time reduction

Nov 9, 2023 By Outpost 24 In Outpost 24

Philadelphia, PA, November 9, 2023 – Leading cyber risk management and threat intelligence provider Outpost24 today announced the release of Threat Explorer, an advanced vulnerability intelligence and custom alerting tool for continuous threat monitoring.

Read Post

Outpost 24

Read more about Outpost24 adds Threat Explorer to threat intelligence platform for advanced vulnerability intelligence and exposure time reduction

CVE-2023-3595: Rockwell Automation ControlLogix Vulnerability Analysis Fuels Better Risk Assessment and Threat Detection

Nov 9, 2023 By Jos Wetzels In Forescout

On July 14, CISA published an industrial control system (ICS) advisory about two new critical vulnerabilities affecting Rockwell Automation ControlLogix communication modules: CVE-2023-3595 and CVE-2023-3596. CISA and Rockwell Automation recommended that asset owners patch vulnerable devices and add controls such as segmenting networks and using network intrusion detection.

Read Post

Forescout

Read more about CVE-2023-3595: Rockwell Automation ControlLogix Vulnerability Analysis Fuels Better Risk Assessment and Threat Detection

PyPi Malware Stealing Discord and Roblox Payment Info #cybersecurity #discord #appsec

Nov 9, 2023 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about PyPi Malware Stealing Discord and Roblox Payment Info #cybersecurity #discord #appsec

The SysAid Zero-Day Vulnerability: CVE-2023-47246

Nov 9, 2023 By Caitlin Postal In UpGuard

SysAid on-premises software faces a zero-day vulnerability tracked as CVE-2023-47246. SysAid recommends that all customers immediately upgrade to version 23.3.36, which has a security patch for the path traversal vulnerability.

Read Post

UpGuard

Read more about The SysAid Zero-Day Vulnerability: CVE-2023-47246

Exploiting dompdf Vulnerability with PHP #cybersecurity #applicationsecurity

Nov 8, 2023 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video