%term

DevSecOps Tools for Cybersecurity Success

Dec 2, 2024 By Jessica Amado In Seemplicity

With DevSecOps, cybersecurity has become integrated into every phase of the software development lifecycle (SDLC). DevSecOps tools work across development, security, and operations siloes and enable these teams to work collaboratively, ensuring security vulnerabilities are addressed early and efficiently, reducing risks before they reach production.

Read Post

Seemplicity

Read more about DevSecOps Tools for Cybersecurity Success

A SenseOn Advisory: PAN-OS zero-day vulnerabilities CVE-2024-9474 & CVE-2024-0012

Dec 2, 2024 By Daniela Lopez In SenseOn

On the 18th of November 2024, Palo Alto published advisories disclosing two vulnerabilities affecting the Web Management Interface in PAN-OS. The most critical of these vulnerabilities is CVE-2024-0012 with a severity rating of 9.3. Exploitation of this vulnerability allows a remote, unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges.

Read Post

SenseOn

Read more about A SenseOn Advisory: PAN-OS zero-day vulnerabilities CVE-2024-9474 & CVE-2024-0012

How Dark Mode Got Me Hacked

Dec 2, 2024 By Snyk In Snyk

The infamous Light Mode vs Dark Mode battle has been waging for some time... I've always been a Dark Mode person, but now, I think I might be changing sides. A PDF Dark Mode converter extension I've used for some time turned out to be malicious, so I set out to determine how this happened and how I can prevent it from happening again.

View Video

Snyk

Read more about How Dark Mode Got Me Hacked

Why a solid DevOps foundation is vital for effective DevSecOps

Nov 27, 2024 By Ben Desjardins In Snyk

As DevOps adoption has grown, organizations are pushing code into production faster than ever. However, the fast pace of DevOps has led many developers to view security as a bottleneck or afterthought, which means security teams need a new approach to keep up.

Read Post

Snyk

Read more about Why a solid DevOps foundation is vital for effective DevSecOps

CVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution

Nov 27, 2024 By Pauline Bolaños In Trustwave

On November 20th, 2024, Zero Day Initiative (ZDI) researchers disclosed a critical flaw in 7-Zip. This widely used open-source file archiving software enables remote actors to perform remote code execution (RCE) on vulnerable 7-Zip versions. This vulnerability was originally discovered earlier this year and was reported to 7-Zip in June 2024.

Read Post

Trustwave

Read more about CVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution

Measuring AppSec success: Key KPIs that demonstrate value

Nov 26, 2024 By Daniel Berman In Snyk

In the software development industry, proactively securing the software development life cycle (SDLC) from cyber threats must always be a top priority. Taking a shift left approach addresses security early on so your development teams can spend more time innovating and less on dealing with vulnerabilities. But that’s just the beginning.

Read Post

Snyk

Read more about Measuring AppSec success: Key KPIs that demonstrate value

How to Enhance Secure Access to Screen Displays for Remote Workers

Nov 26, 2024 By SecuritySenses In SecuritySenses

Remote work is the new normal, and while it is flexible, it can easily introduce security risks. Protecting sensitive information on screen displays is crucial. With employees working from different locations, it's easier than ever to be exposed to threats. Hackers, unauthorized access, and accidental data sharing are just a few concerns. That's why secure access to screen displays is more important than ever. Let's explore how you can strengthen security for remote workers.

Read Post

SecuritySenses

Read more about How to Enhance Secure Access to Screen Displays for Remote Workers

How API Vulnerabilities Expose Millions of Records in Just Minutes! #DataLeak #DataBreach

Nov 25, 2024 By Wallarm In Wallarm

APIs are crucial for data flow, but they also open doors for rapid data breaches if security isn't real-time. In this video, we analyze how an API vulnerability led to a 250 million user data leak in just minutes. Learn why fast data flow in APIs requires immediate, real-time protection to prevent major damage. This case also highlights the often-overlooked importance of client-side security in API protection, especially as APIs are increasingly used in mobile apps and browsers. Discover essential insights to safeguard APIs from potential attacks.

View Video

Wallarm

Read more about How API Vulnerabilities Expose Millions of Records in Just Minutes! #DataLeak #DataBreach

Path Traversal in 2024 - The year unpacked

Nov 23, 2024 By Mackenzie Jackson In Aikido

Path traversal, also known as directory traversal, occurs when a malicious user manipulates user-supplied data to gain unauthorized access to files and directories. Typically the attacker will be trying to access logs and credentials that are in different directories. Path traversal is not a new vulnerability and has been actively exploited since the 90s when web servers gained popularity, many relied on Common Gateway Interface (CGI) scripts to execute dynamic server-side content.

Read Post

Aikido

Read more about Path Traversal in 2024 - The year unpacked

Command injection in 2024 unpacked

Nov 22, 2024 By Mackenzie Jackson In Aikido

Command injection is a vulnerability still very prevalent in web applications despite being less famous than its cousins SQL injection or Code injection. If you’re familiar with other injection vulnerabilities, you’ll recognize the common principle: untrusted user input is not properly validated, leading to the execution of arbitrary system commands. This flaw occurs when unvalidated input is passed to system-level functions. So how prominent is command injection actually?

Read Post