%term

If you don't know about HTTP Archive's Web Almanac yet, you should!

Nov 1, 2024 By Brian Clark In Snyk

Most, if not all, of us in the software development space have benefitted from community-driven projects at some point. We’ve tapped into open source libraries, searched for advice on Reddit, and posted our seemingly unsolvable questions on Stack Overflow. But you might be missing out on a community project that especially excites me. It’s the Web Almanac, a collaborative report that provides tons of valuable insights into how people build and use the web.

Read Post

Snyk

Read more about If you don't know about HTTP Archive's Web Almanac yet, you should!

Broken Access Control in Committee Management System

Nov 1, 2024 By Prateek Kuber In Astra

On 24 September 2024, the security researchers at Astra discovered a critical broken access control vulnerability in the Class Committee Management System, an open-source project. The web-based system allows users to manage files, schedule meetings, generate reports, and access other management features. A broken access control vulnerability occurs when the application does not enforce proper permissions and restrictions.

Read Post

Astra

Read more about Broken Access Control in Committee Management System

Holiday Scam Season: Turning Vulnerabilities into Long-Term Resilience

Nov 1, 2024 By Julian Agudelo In Memcyco

More transactions, less vigilant consumers, and countless digital impersonators ready to exploit them – for scam-targeted industries and cyber teams, the holiday season is a full-spectrum stress test. Those who pass with flying colors have likely adopted key reinforcements that adapt posture for the era of off-the-shelf social engineering scams assisted by AI. Those that don’t are likely still reliant on outdated solutions and customer education.

Read Post

Memcyco

Read more about Holiday Scam Season: Turning Vulnerabilities into Long-Term Resilience

Critical Infrastructure Security: Preparing for Emerging Threats

Nov 1, 2024 By Muhammad Omar Khan In SecuritySenses

Critical infrastructure security can never be overstated in an era when cyberattacks increasingly target modern civilization's backbone. In the past few years, cyberattacks on power grids, transportation systems, and public utilities have highlighted how vulnerable our society is to disruption. A single breach can bring entire regions to a standstill, highlighting the fragility of our interconnected systems.

Read Post

SecuritySenses

Read more about Critical Infrastructure Security: Preparing for Emerging Threats

LOTL Attacks-The Silent Saboteurs in Your Systems

Oct 31, 2024 By Ravid Circus, Co-founder and Chief Product Officer In Seemplicity

Living Off the Land (LOTL) cyber attacks have become a major headache for cybersecurity professionals. These insidious attacks are getting more sophisticated and widespread, posing serious risks to businesses and even national security. Unlike traditional malware-based attacks, LOTL techniques exploit the very tools and processes that organizations rely on for their daily operations.

Read Post

Seemplicity

Read more about LOTL Attacks-The Silent Saboteurs in Your Systems

Discovering Hidden Vulnerabilities in Portainer with CodeQL

Oct 31, 2024 By Eviatar Gerzi In CyberArk

Recently, we researched a project on Portainer, the go-to open-source tool for managing Kubernetes and Docker environments. With more than 30K stars on GitHub, Portainer gives you a user-friendly web interface to deploy and monitor containerized applications easily. Since Portainer is an open-source, we thought CodeQL, an advanced code analysis tool, be a good fit to check its codebase for any security issues.

Read Post

CyberArk

Read more about Discovering Hidden Vulnerabilities in Portainer with CodeQL

Lottie Player npm package compromised for crypto wallet theft

Oct 31, 2024 By Liran Tal In Snyk

On October 31st, 2024, another package compromise and cryptocurrency hijack story unfolded for a popular npm package.

Read Post

Snyk

Read more about Lottie Player npm package compromised for crypto wallet theft

Seemplicity Announces Next Evolution of RemOps Platform with AI-Powered Capabilities

Oct 30, 2024 By Seemplicity In Seemplicity

Seemplicity transforms vulnerability management with AI-driven, tailored remediation plans, helping teams reduce risk faster and more efficiently.

Read Post

Seemplicity

Read more about Seemplicity Announces Next Evolution of RemOps Platform with AI-Powered Capabilities

Remote Desktop Protocol (RDP) Vulnerability

Oct 30, 2024 By John Gates In CalCom

Remote Desktop Protocol (RDP) is a protocol developed by Microsoft, providing the user access to remotely connect with another computer. Microsoft’s remote desktop protocol is one of the best currently available in the market, working efficiently with an effortless graphical user interface (GUI). It can be used between multiple Windows Operating Systems and Devices. This article discussed RDP protocol security and current RDP vulnerabilities.

Read Post

CalCom

Read more about Remote Desktop Protocol (RDP) Vulnerability

CVE-2024-50388: Critical OS Command Injection Vulnerability in QNAP HBS 3 Hybrid Backup Sync

Oct 30, 2024 By Andres Ramos In Arctic Wolf

On October 29, 2024, QNAP issued a security advisory regarding a critical OS command injection vulnerability, tracked as CVE-2024-50388. Discovered by researchers at the Pwn2Own conference, this vulnerability affects HBS 3 Hybrid Backup Sync, a backup and disaster recovery solution used by organizations for secure data protection across multiple locations. The flaw allows remote attackers to execute arbitrary commands.

Read Post