Vulnerability

Release Spotlight: Trends Page Upgrade and Bulk Data Export Functionality

Oct 18, 2023 By Rob Gibson In Nucleus

In vulnerability management (VM), the task of sifting through vast amounts of data to pinpoint critical insights can feel like searching for a needle in a haystack, specifically a haystack with many precious needles that all look alike. And, of course, the one needle you’re looking for is mission-critical and can mean the difference between securing your business and leaving it open to attack.

Read Post

Nucleus

Read more about Release Spotlight: Trends Page Upgrade and Bulk Data Export Functionality

Things You Must Know About Cyber Security in the Cloud

Oct 17, 2023 By SecuritySenses In SecuritySenses

In our rapidly evolving and interconnected digital environment, cloud computing has transformed the manner in which organizations store, manage, and retrieve their data and software applications. The cloud offers unparalleled advantages, such as scalability, flexibility, and cost-efficiency. Nevertheless, these advantages also bring an increased emphasis on the significance of cybersecurity within the cloud.

Read Post

SecuritySenses

Read more about Things You Must Know About Cyber Security in the Cloud

How to protect Node.js apps from CSRF attacks

Oct 17, 2023 By Victor Ikechukwu In Snyk

A cross-site request forgery attack (CSRF) attack is a security vulnerability capitalizing on trust between a web browser and a legitimate website. Crafty attackers manipulate browsers into executing malicious actions on websites where users authenticate themselves and log in. Often, these attacks start when users click a link attached to a deceptive email or land on a compromised website, unaware of the logic executing in the background.

Read Post

Snyk

Read more about How to protect Node.js apps from CSRF attacks

Cisco issues warning for critical 0-day vulnerability exploited in the wild

Oct 17, 2023 By Mark Otzen In Outpost 24

Cisco has issued a warning regarding a critical security vulnerability (CVE-2023-20198) affecting its IOS XE software. With a severity rating of 10.0 on the CVSS scoring system, the vulnerability grants remote attackers full administrator privileges on affected devices without authentication.

Read Post

Outpost 24

Read more about Cisco issues warning for critical 0-day vulnerability exploited in the wild

IT admins are just as culpable for weak password use

Oct 17, 2023 By Outpost 24 In Outpost 24

New data from Outpost24 reveals that IT administrators could be just as predictable as end-users when it comes to passwords. An analysis of just over 1.8 million passwords ranks ‘admin’ as the most popular password with over 40,000 entries, with additional findings pointing to a continued acceptance of default passwords.

Read Post

Outpost 24

Read more about IT admins are just as culpable for weak password use

HTTP/2 Rapid Reset Attack Vulnerability

Oct 17, 2023 By Rajat Kapoor In Indusface

Google, Amazon Web Services & others recently disclosed a vulnerability in HTTP/2 protocol, which is being tracked as “CVE-2023-44487”. The flaw lies in how the HTTP/2 protocol was implemented to increase the efficiency of transmitting various messages between endpoints by “Stream multiplexing”.

Read Post

Indusface

Read more about HTTP/2 Rapid Reset Attack Vulnerability

Cisco iOS XE Vulnerability: CVE-2023-20198

Oct 17, 2023 By Lauren Farrell In Centripetal

Cisco has released an advisory, acknowledging active exploitation of a previously unknown vulnerability, which is tracked as CVE-2023-20198, in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access, which is the highest level of access.

Read Post

Centripetal

Read more about Cisco iOS XE Vulnerability: CVE-2023-20198

Get Management Buy-in with AppSec Metrics

Oct 17, 2023 By Cenk Kalpakoğlu In Kondukto

Getting management to back your application security plans can be a tough sell. Metrics are vital because they help you understand how effective your initial cybersecurity measures are and how to turn them into measurable data that's easy for everyone to understand. This article will explore how to use metrics to get the support you need and make your application security programs more effective.

Read Post

Kondukto

Read more about Get Management Buy-in with AppSec Metrics

Navigating the Unknown: Zero-Days in the Supply Chain

Oct 17, 2023 By SecurityScorecard In SecurityScorecard

Zero-days are out there. Lurking just under the surface, waiting for the right moment to strike. A security team can do everything right and still experience a zero-day attack in its supply chain. And with innumerable configurations, devices, and platforms that can be exploited, zero-day exploits are becoming more common than ever.

Read Post

SecurityScorecard

Read more about Navigating the Unknown: Zero-Days in the Supply Chain

SocketSleuth - Burp Suite Extension for websocket testing

Oct 17, 2023 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video