%term

CVE-2024-5655: Latest GitLab API Vulnerability Threatens Customer Data Exposure

Jul 1, 2024 By Wallarm In Wallarm

A security flaw that impacts specific versions of GitLab's Community and Enterprise Edition products was just detected. This vulnerability can be exploited to execute pipelines under any user's credentials. GitLab is a web-based DevOps platform offering tools for software development, version control, and project management. Launched as an open-source project in 2011, it has become a powerful solution used globally by millions.

Read Post

Wallarm

Read more about CVE-2024-5655: Latest GitLab API Vulnerability Threatens Customer Data Exposure

10 BEST Practices for Securely Developing with AI

Jul 1, 2024 By Snyk In Snyk

AI technology is booming, but are you aware of the hidden security risks? Join us as we explore the 10 best practices to keep your use of AI safe and secure.

View Video

Snyk

Read more about 10 BEST Practices for Securely Developing with AI

CVE-2024-5806: Authentication Bypass Vulnerability in Progress MOVEit Transfer

Jun 28, 2024 By Kroll In Kroll

Note: Exploitation of this vulnerability remains highly likely, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog.

Read Post

Kroll

Read more about CVE-2024-5806: Authentication Bypass Vulnerability in Progress MOVEit Transfer

New MOVEit Bug Actively Exploited Within Hours of Public Disclosure

Jun 28, 2024 By Foresiet In Foresiet

A high-severity security flaw in Progress Software's MOVEit Transfer platform is being exploited in the wild just hours after its disclosure. This vulnerability, identified as CVE-2024-5806, allows attackers to bypass authentication mechanisms and pose as any valid user, thereby gaining access to sensitive files.

Read Post

Foresiet

Read more about New MOVEit Bug Actively Exploited Within Hours of Public Disclosure

Risks for Polyfill.io Users

Jun 28, 2024 By Lauren Farrell In Centripetal

Earlier this year, a Chinese company named Funnull acquired the polyfillio. Due to this acquisition, this code was used to redirect mobile visitors to scam sites. Over 100,000 websites using the previously popular Polyfill JS open-source project are vulnerable to attacks that redirect traffic to sports betting and pornography sites.

Read Post

Centripetal

Read more about Risks for Polyfill.io Users

Building a Human-Centric Vulnerability Management Program

Jun 27, 2024 By Nucleus In Nucleus

Steve Carter, CEO and co-founder of Nucleus Security, and Dr. Nikki Robinson, Security Architect at IBM, discuss the importance of the people side of vulnerability management. They explore challenges such as context switching, long mean time to remediation, and the impact of communication on vulnerability management programs. The conversation includes practical advice on incorporating human factors into cybersecurity practices, how to improve communication and collaboration among teams, and why understanding human factors is crucial for effective vulnerability management.

View Video

Nucleus

Read more about Building a Human-Centric Vulnerability Management Program

MOVEit Gateway and MOVEit Transfer Vulnerabilities

Jun 27, 2024 By Lauren Farrell In Centripetal

On June 25, 2024, Progress Software, the parent company of the MOVEit software suite, officially released details for two critical vulnerabilities identified in MOVEit Gateway and MOVEit Transfer, CVE-2024-5805 and CVE-2024-5806 respectively. MOVEit Transfer is a managed file transfer solution that supports the exchange of files and data between servers, systems and applications within and between organizations.

Read Post

Centripetal

Read more about MOVEit Gateway and MOVEit Transfer Vulnerabilities

Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware

Jun 27, 2024 By KrakenLabs In Outpost 24

While reviewing common TTPs in malware campaigns used last year Outpost24’s Cyber Threat Intelligence team, KrakenLabs, came across several reports and articles describing a novel infection technique being used to distribute various types of malware not necessarily related to each other. For example, this article analyzing Amadey and this one talking about Redline.

Read Post

Outpost 24

Read more about Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware

Container Security Scanning: Vulnerabilities, Risks and Tooling

Jun 27, 2024 By Guest Expert In GitGuardian

Container security is crucial in the age of microservices and DevOps. Learn about common container vulnerabilities, container security scanning, and popular tools to secure your containers in this comprehensive guide.

Read Post

GitGuardian

Read more about Container Security Scanning: Vulnerabilities, Risks and Tooling

How to secure a REST API?

Jun 27, 2024 By Liran Tal In Snyk

As developers, we often have to work with REST APIs when we integrate with third-party systems or connect between frontend and backend systems at work. APIs, and REST APIs in particular, are a fundamental part of modern web applications, allowing us to create, read, update, and delete data over HTTP. However, as with any technology, they come with their own set of security challenges. Let's break these challenges down and understand how to secure REST API applications.

Read Post