%term

Nucleus Security's Year-End Panel on Risk-Based Vulnerability Management

Dec 20, 2024 By Nucleus In Nucleus

In this Nucleus webinar, our panel of cybersecurity experts delves into the complexities and best practices for Risk-Based Vulnerability Management (RBVM) in modern organizations. Led by co-founder Scott Kuffer, the discussion covers the evolution of RBVM, the importance of a unified data approach, the role of automated tools, and effective metrics for vulnerability management. Insights from Cecil Pineda, Gregg Martin, and Steve Carter provide a comprehensive look at strategies for mitigating risks and improving security posture through enhanced vulnerability management processes into 2025.

View Video

Nucleus

Read more about Nucleus Security's Year-End Panel on Risk-Based Vulnerability Management

Create a Token for Discord Bot

Dec 20, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about Create a Token for Discord Bot

Install Your Discord Bot

Dec 19, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about Install Your Discord Bot

CVE-2024-50379: A Critical Race Condition in Apache Tomcat

Dec 19, 2024 By Tom Abai In Mend

Recently, an Apache Tomcat web server vulnerability, tracked as CVE-2024-50378, has been published, exposing the platform to remote code execution through a race condition failure.

Read Post

Mend

Read more about CVE-2024-50379: A Critical Race Condition in Apache Tomcat

Emerging Threat: Apache Struts CVE-2024-53677

Dec 19, 2024 By Emma Zaballos In CyCognito

CVE-2024-53677 is a critical (9.5) remote code execution (RCE) vulnerability affecting Apache Struts, an open-source framework for building Java-based web apps. This vulnerability affects the framework’s file upload logic, allowing attackers to enable paths traversal and perform remote code execution using malicious files.

Read Post

CyCognito

Read more about Emerging Threat: Apache Struts CVE-2024-53677

Making CIS Benchmarks Part of your Vulnerability Management Strategy

Dec 19, 2024 By Scott Kuffer In Nucleus

While vulnerability management is one of the few preventative practices in security, vulnerability patching is still a reactive process. It’s a continuous cycle of discovery, vendors releasing patches, and remediation teams applying those patches. What if there was a way to build in some proactivity to this endless reactive spiral?

Read Post

Nucleus

Read more about Making CIS Benchmarks Part of your Vulnerability Management Strategy

Set Up a Discord Bot

Dec 18, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about Set Up a Discord Bot

CVE-2024-53677: Exploitation Attempts of Critical Apache Struts RCE Vulnerability Following PoC Release

Dec 18, 2024 By Andres Ramos In Arctic Wolf

On December 15, 2024, reports emerged that threat actors have begun attempting to exploit a recently disclosed critical vulnerability in Apache Struts (CVE-2024-53677) shortly after the publication of a Proof-of-Concept (PoC) exploit. Apache Struts is a widely used open-source web application framework for developing Java-based applications.

Read Post

Arctic Wolf

Read more about CVE-2024-53677: Exploitation Attempts of Critical Apache Struts RCE Vulnerability Following PoC Release

4 tips for securing GenAI-assisted development

Dec 18, 2024 By Sarah Conway In Snyk

Gartner predicts that generative AI (GenAI) will become a critical workforce partner for 90% of companies by next year. In application development specifically, we see developers turning to code assistants like Github Copilot and Google Gemini Code Assist to help them build software at an unprecedented speed. But while GenAI can power new levels of productivity and speed, it also introduces new threats and challenges for application security teams.

Read Post

Snyk

Read more about 4 tips for securing GenAI-assisted development

Did you make the security naughty or nice list this year?

Dec 18, 2024 By Mariah Gresham In Snyk

As we approach the end of the year, many of us are reflecting on what we accomplished in 2024 — what did we do well this year? What could we have done better? It's also the perfect time to reflect on how to improve your team’s security practices. Have you been staying ahead of threats or have you let a few vulnerabilities slip through the cracks?

Read Post