Vulnerability

Navigating Chaos: JFrog Security Essentials and Advanced Security

Sep 13, 2023 By JFrog In JFrog

We examine fundamental shifts and changes to software development approaches and how we secure developers, the code they write, and the products they build. Learn how your development teams can prioritize critical vulnerable exposure (CVE) remediation, maintain granular, centralized, and complete control of the development process, and maintain a single source of truth from code to device.

View Video

JFrog

Read more about Navigating Chaos: JFrog Security Essentials and Advanced Security

Security implications of cross-origin resource sharing (CORS) in Node.js

Sep 13, 2023 By Victor Ikechukwu In Snyk

In modern web applications, cross-origin resource sharing (CORS) enables secure communication between applications hosted on different origins. Developers use CORS to access other applications’ services within their own. This approach eliminates the need to rewrite features from scratch, accelerating development time and improving the developer experience.

Read Post

Snyk

Read more about Security implications of cross-origin resource sharing (CORS) in Node.js

Demystifying NIST Vulnerability Management: A Comprehensive Guide

Sep 12, 2023 By Keshav Malik In Astra

Protecting sensitive information and securing digital assets now require the use of cybersecurity. Organizations must employ proactive steps to spot and address vulnerabilities as cyber threats continue to become more complex and sophisticated. Vulnerability assessment is one such method, which is important in cybersecurity risk management.

Read Post

Astra

Read more about Demystifying NIST Vulnerability Management: A Comprehensive Guide

The most common vulnerabilities in your external attack surface

Sep 12, 2023 By Outpost 24 In Outpost 24

Imagine your organization’s digital fortress – now picture a thousand hidden doors, each a potential entry point for cyber threats. In the world of cybersecurity, these doors are known as ‘external attack surface vulnerabilities’ and understanding them is the first step to locking them down. External attack surface vulnerabilities are the weak points of a company’s network that can potentially be exploited by malicious actors.

Read Post

Outpost 24

Read more about The most common vulnerabilities in your external attack surface

A guide to input validation with Spring Boot

Sep 12, 2023 By Lucien Chemaly In Snyk

If you're a developer working with Java, you likely know Spring Boot, the robust framework that streamlines the development of stand-alone, production-grade, Spring-based applications. One of the many features it offers is Bean Validation, which is a crucial aspect of any application to ensure data integrity and improve user experience.

Read Post

Snyk

Read more about A guide to input validation with Spring Boot

New Vulnerabilities in Apple Products Exploited in the Wild

Sep 12, 2023 By Andres Ramos In Arctic Wolf

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) and a validation issue vulnerability (CVE-2023-41061) among macOS, iOS, iPadOS, and watchOS products. These vulnerabilities can be exploited with a maliciously crafted attachment or image which leads to arbitrary code execution.

Read Post

Arctic Wolf

Read more about New Vulnerabilities in Apple Products Exploited in the Wild

CVE-2023-20269: Cisco ASA/Firepower VPN Zero-Day Vulnerability Actively Exploited

Sep 12, 2023 By Andres Ramos In Arctic Wolf

On August 31, 2023, Arctic Wolf sent out a bulletin alerting customers to an ongoing brute force campaign targeting Cisco Adaptive Security Appliance (ASA). Subsequently, on September 6, 2023, Cisco published a security advisory warning of a zero-day vulnerability (CVE-2023-20269) in the remote access VPN feature of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software.

Read Post

Arctic Wolf

Read more about CVE-2023-20269: Cisco ASA/Firepower VPN Zero-Day Vulnerability Actively Exploited

How To Discover PII and Privacy Vulnerabilities in Structured Data Sources

Sep 12, 2023 By Protecto In Protecto

In this video, we walk through the process of discovering personally identifiable information (PII) and identifying potential privacy vulnerabilities within structured data sources. First, you will connect Protecto to your data repository. Then, we will show you how to access the Privacy Risk Data within your data assets catalog, obtain information on active users, access privileges, data owners, and recommendations for dealing with privacy risks.

View Video

Protecto

Read more about How To Discover PII and Privacy Vulnerabilities in Structured Data Sources

How to avoid web cache poisoning attacks

Sep 11, 2023 By Najia Gul In Snyk

Web cache poisoning is a cyber attack that wreaks havoc on unsuspecting websites. It exploits vulnerabilities by caching mechanisms that web servers, proxies, and content delivery networks (CDNs) use, compromising data integrity. Malicious actors can use cache poisoning to deliver malicious payloads, tamper with sensitive information, or redirect users to fraudulent websites. In this article, we’ll comprehensively explore web cache poisoning attacks and how they work.

Read Post

Snyk

Read more about How to avoid web cache poisoning attacks

Cisco VPN Zero-Day exploited by ransomware gangs (CVE-2023-20269) - Insights and best practices for defense

Sep 11, 2023 By Tally Netzer In IONIX

In the tech security scene, we’re always on the lookout for new vulnerabilities, especially when they are already exploited in the wild. The latest zero-day CVE-2023-20269 is hitting Cisco’s Adaptive Security Appliance VPN features. The attack surface scan conducted by IONIX research on a sample of organizations indicates that 13% of these appliances are potentially vulnerable through at least one interface.

Read Post