%term

Two Zero-Day Vulnerabilities Impacting Ivanti Connect Secure and Policy Secure Gateways

Jan 15, 2024 By George Glass In Kroll

Note: These vulnerabilities remain under active exploitation, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. Two zero-day vulnerabilities have been discovered in Ivanti Connect Secure (ICS), formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways.

Read Post

Kroll

Read more about Two Zero-Day Vulnerabilities Impacting Ivanti Connect Secure and Policy Secure Gateways

Critical flaw found in WordPress plugin used on over 300,000 websites

Jan 15, 2024 By Graham Cluley In Tripwire

A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it possible for attackers to reset the plugin's authentication API key and view sensitive logs (including password reset emails) on the affected website. A malicious hacker exploiting the flaw could access the key after triggering a password reset.

Read Post

Tripwire

Read more about Critical flaw found in WordPress plugin used on over 300,000 websites

NYDFS Finalizes Amendments to Cybersecurity Regulations: Adapting to New Requirements for Financial Services Companies

Jan 14, 2024 By Itamar Sher In Seal Security

On March 1, 2017 the Department of Financial Services (DFS) introduced a regulation, known as 23 NYCRR 500, establishing cybersecurity requirements for financial services companies. This regulation, enacted by the New York State Department of Financial Services, specifically Part 500 of Title 23 of the Official Compilation of Codes, Rules and Regulations of the State of New York (NYCRR) is commonly known as the "Cybersecurity Requirements for Financial Services Companies".

Read Post

Seal Security

Read more about NYDFS Finalizes Amendments to Cybersecurity Regulations: Adapting to New Requirements for Financial Services Companies

Snyk and ServiceNow

Jan 13, 2024 By Snyk In Snyk

Looking for a complete view of your application security posture to drive smarter, faster fixes in your ServiceNow workflows? ServiceNow workflows, backed by Snyk, provide a single view into all application vulnerabilities from multiple sources, determine their priority, and help expedite the remediation process with relevant stakeholders across the organization to reduce the attack surface. Working together with AppSec and IT teams, learn how SecOps teams can track vulnerabilities in open source dependencies and create ServiceNow Application Vulnerable Items (AVITs) automatically.

View Video

Snyk

Read more about Snyk and ServiceNow

TASConnect and Snyk

Jan 13, 2024 By Snyk In Snyk

Discover how TASConnect leverages Snyk to help developers find, prioritize and fix vulnerabilities.

View Video

Snyk

Read more about TASConnect and Snyk

Connect Secure No More: Ivanti's Zero-Day Vulnerabilities (CVE-2024-21887 and CVE-2023-46805)

Jan 12, 2024 By Caitlin Postal In UpGuard

Two chainable zero-day vulnerabilities face Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS): CVE-2023-46805 and CVE-2024-21887. All supported versions of the Ivanti Connect Secure and Policy Secure Gateways are currently at risk, and Ivanti has confirmed that customers have experienced active exploitation. ICS was previously known as Pulse Connect Secure. ICS offers a virtual private network (VPN) gateway, while IPS provides network access control.

Read Post

UpGuard

Read more about Connect Secure No More: Ivanti's Zero-Day Vulnerabilities (CVE-2024-21887 and CVE-2023-46805)

Threat Intelligence Research

Jan 11, 2024 By SecurityScorecard In SecurityScorecard

As part of our effort to make the world safer, SecurityScorecard has been tracking threat actor groups conducting cyberattacks on behalf of nation states.

Read Post

SecurityScorecard

Read more about Threat Intelligence Research

How to Adapt Vulnerability Management Service Level Agreements (SLAs) to Team Maturity

Jan 11, 2024 By Scott Kuffer In Nucleus

In working with customers across different enterprises and experiencing it myself, the challenges in managing vulnerabilities effectively are felt. Drawing from the insights of customers and my experiences, I’ve learned much about using Service Level Agreements (SLAs) in the vulnerability remediation process.

Read Post

Nucleus

Read more about How to Adapt Vulnerability Management Service Level Agreements (SLAs) to Team Maturity

Security warning! All of us are victims of open-source vulnerabilities

Jan 10, 2024 By General In ManageEngine

Picture this: A user on your network casually explores the internet and scrolls through a website’s comment section. However, a lurking threat known as cross-site scripting (XSS) is poised to exploit vulnerabilities and steal their session cookies, which includes sensitive data such as their logon credentials. But how does this nefarious scheme unfold, and what other open-source vulnerabilities could be exploited in the process?

Read Post

ManageEngine

Read more about Security warning! All of us are victims of open-source vulnerabilities

Mastering Python virtual environments: A complete guide to venv, Docker, and securing your code

Jan 10, 2024 By Liran Tal In Snyk

Python, as a versatile and widely used programming language, has an extensive ecosystem of modules and packages. As you navigate this ecosystem, it's important to understand the role of virtual environments. In this article, we will delve into what virtual environments are, why developers need them, and some common tools for creating Python virtual environments.

Read Post