%term

OWASP API Top 10 2023: What changed and why it's important?

Sep 28, 2023 By AppSentinels In AppSentinels

Back in 2019, OWASP released its first API Top-10 list. It quickly gained widespread acceptance and acknowledgment from the industry about the challenges faced in protecting APIs. Since then, growth in APIs has continued, and the threat landscape also evolved rapidly. OWASP has released an updated API Top 10 2023 with quite a few changes from 2019 to address the changes and provide new insights and recommendations.

Read Post

AppSentinels

Read more about OWASP API Top 10 2023: What changed and why it's important?

Strengthening Your Security with Agentless Vulnerability Management

Sep 27, 2023 By Sysdig In Sysdig

Discover how Sysdig Secure’s new “Agentless Vulnerability Management” approach helps you streamline the onboarding of new deployments, while significantly cutting down complexity and setup time. Agentless security tools generally rely on leveraging existing interfaces and APIs provided by the cloud service providers to collect information and perform vulnerability assessments.

View Video

Sysdig

Read more about Strengthening Your Security with Agentless Vulnerability Management

Over 53% of Organizations Have An Internet-Exposed Vulnerability

Sep 27, 2023 By SecurityScorecard In SecurityScorecard

SecurityScorecard is the global leader in cybersecurity ratings and the only service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

View Video

SecurityScorecard

Read more about Over 53% of Organizations Have An Internet-Exposed Vulnerability

10 best practices for securely developing with AI

Sep 27, 2023 By Simon Maple In Snyk

By now, we’re all painfully aware that AI has become a crucial and inevitable tool for developers to enhance their application development practices. Even if organizations restrict their developers using AI tools, we hear many stories of how they circumvent this through VPNs, and personal accounts.

Read Post

Snyk

Read more about 10 best practices for securely developing with AI

A Deep Dive into the Exploit Prediction Scoring System EPSS

Sep 27, 2023 By Nucleus In Nucleus

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. EPSS’s goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data.

View Video

Nucleus

Read more about A Deep Dive into the Exploit Prediction Scoring System EPSS

9 Best Android Vulnerability Scanners to Detect Vulnerabilities

Sep 27, 2023 By Karthik In Astra

In the digital age, Android vulnerability scanners, or as some may call them, android app vulnerability scanners, have become an essential tool for maintaining the security of mobile applications. Given Android’s substantial mobile OS market share, it’s a prime target for cyber threats.

Read Post

Astra

Read more about 9 Best Android Vulnerability Scanners to Detect Vulnerabilities

CVE-2023-42793: Critical RCE Vulnerability in TeamCity On-Premises

Sep 26, 2023 By Andres Ramos In Arctic Wolf

On September 20, 2023, JetBrains published a blog detailing a critical Remote Code Execution (RCE) vulnerability that was identified in TeamCity On-Premises (CVE-2023-42793). This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 and can allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform RCE. All versions of TeamCity On-Premises are affected by this vulnerability.

Read Post

Arctic Wolf

Read more about CVE-2023-42793: Critical RCE Vulnerability in TeamCity On-Premises

Signing container images: Comparing Sigstore, Notary, and Docker Content Trust

Sep 26, 2023 By Hrittik Roy In Snyk

In the modern software ecosystem, containerization has become a popular method for packaging and deploying applications. Alongside this growing trend, ensuring the security of software supply chains has become a critical concern for businesses of all sizes. Implementing best practices, such as signing and verifying images to mitigate man-in-the-middle (MITM) attacks and validating their authenticity and freshness, play a pivotal role in safeguarding the integrity of the software supply chain.

Read Post

Snyk

Read more about Signing container images: Comparing Sigstore, Notary, and Docker Content Trust

Delta Dental of California is Another Victim in the String of MOVEit Data Breaches

Sep 26, 2023 By Steven In IDStrong

Delta Dental of California is a major dental insurance provider throughout one of the largest states in the US. The company is well-known for offering PPO dental insurance policies and other varieties of dental insurance options. The company was founded in 1955 and serves millions of Americans throughout nearly all of the 50 states. All California residents using Delta Dental may have been impacted by a recent data breach that could cause real problems for them.

Read Post

IDStrong

Read more about Delta Dental of California is Another Victim in the String of MOVEit Data Breaches

CVE-2023-41991, 41992, 41993: Three Actively Exploited Vulnerabilities in Apple Products Fixed

Sep 25, 2023 By Andres Ramos In Arctic Wolf

On September 21, 2023, Apple released emergency security updates to fix three vulnerabilities impacting macOS, iOS, iPadOS, and Safari. Citizen Lab and Google Threat Analysis Group (TAG) observed these three vulnerabilities exploited in an exploit chain against a former Egyptian Member of Parliament to deploy Predator spyware. Predator was developed by Intellexa/Cytrox to perform surveillance on targeted mobile devices.

Read Post