%term

Responding to remote service appliance vulnerabilities with Sumo Logic

Jun 26, 2023 By Anton Ovrutsky In Sumo Logic

For those responsible directly or indirectly for the cyber defense of their organizations, June 2023 is proving to be an extremely challenging month. In this month alone, vulnerabilities were discovered in various appliances, ranging from CVE-2023-27997 impacting FortiGate devices to CVE-2023-35708 impacting MOVEit Transfer software as well as the exploitation activity discovered of Barracuda appliances via CVE-2023-2868.

Read Post

Sumo Logic

Read more about Responding to remote service appliance vulnerabilities with Sumo Logic

Fortinet Fortigate Vulnerability CVE-2023-27997: How to Surface Exposed Devices and Mitigate the Threat

Jun 23, 2023 By SecurityScorecard In SecurityScorecard

Recently, a critical vulnerability tracked as CVE-2023-27997 was identified in Fortinet Fortigate appliances. Fortinet makes some of the most popular firewall and VPN devices on the market, which makes them an attractive target for threat actors. This vulnerability has been exploited by the Chinese APT group Volt Typhoon, among others, targeting governments and organizations worldwide. As a result, Fortinet has released an urgent patch for affected systems.

Read Post

SecurityScorecard

Read more about Fortinet Fortigate Vulnerability CVE-2023-27997: How to Surface Exposed Devices and Mitigate the Threat

MOVEit Supply Chain Attack

Jun 23, 2023 By Stripe OLT In Stripe OLT

On the 31st of May 2023 a public warning was issued by MOVEit, regarding a critical SQL injection vulnerability found in in their systems. This vulnerability allowed malicious actors to gain access to the database. The flaw, known as CVE-2023-34362, was identified on the 2nd of June, but it had already been exploited four days before the alert. By the end of May, approximately 2,500 instances of MOVEit file transfers were discovered to be exposed online, primarily in the United States.

Read Post

Stripe OLT

Read more about MOVEit Supply Chain Attack

CVE-2023-33299: Critical Fortinet FortiNAC RCE Vulnerability

Jun 23, 2023 By Andres Ramos In Arctic Wolf

On June 23, 2023, Fortinet disclosed a critical Remote Code Execution (RCE) vulnerability (CVE-2023-33299) affecting FortiNAC, a network access control solution utilized by organizations to manage network access policies and compliance. This vulnerability is the result of the deserialization of untrusted data. Deserialization vulnerabilities such as this one are dangerous because a threat actor can insert a modified serialized object into the system which leads to unauthenticated RCE.

Read Post

Arctic Wolf

Read more about CVE-2023-33299: Critical Fortinet FortiNAC RCE Vulnerability

How to Spend Less Time Fixing CVEs

Jun 23, 2023 By JFrog In JFrog

One of the most common complaints of SCA tools from developers is that they generate far too many results, requiring them to fix lots of vulnerabilities that don’t in reality, pose any risk. This wastes time, money and lowers productivity.

View Video

JFrog

Read more about How to Spend Less Time Fixing CVEs

Exploiting ancient vulnerabilities: How did the 3CX supply chain attack occur and what can we learn from it?

Jun 22, 2023 By Etay Maor, Senior Director of Security Strategy In Cato Networks

On March 29th, North-Korean linked threat-actors targeted 3CX, a VoIP IPX developer, exploiting a 10-year-old vulnerability (CVE-2013-3900) that made executables appear to be legitimately signed by Microsoft when, in fact, they were being used to distribute malware. The 3CX attack is just the latest in a series of high-profile supply chain attacks over the past year. The SolarWinds attack compromised the Orion system, affecting thousands of organizations, and the Kaseya VSA attack that was used to deliver REvil ransomware also to thousands of organizations and is considered one of the largest security breaches of the 21st century.

Read Post

Cato Networks

Read more about Exploiting ancient vulnerabilities: How did the 3CX supply chain attack occur and what can we learn from it?

Research with Snyk and Redhunt Labs: Scanning the top 1000 orgs on GitHub

Jun 22, 2023 By Vandana Verma Sehgal In Snyk

Open source code is a vital aspect of modern development. It allows developers to increase their application’s functionality, while reducing overall development time. However, the system isn’t perfect. The nature of third party software and it’s dependencies often creates opportunity for security vulnerabilities to lurk in libraries and downloads.

Read Post

Snyk

Read more about Research with Snyk and Redhunt Labs: Scanning the top 1000 orgs on GitHub

Installilng the Snyk Security in Jira Cloud app

Jun 22, 2023 By Snyk In Snyk

Snyk Security in Jira Cloud provides actionable security alerts to reduce disruption to developer productivity. Installing the app is easy.

View Video

Snyk

Read more about Installilng the Snyk Security in Jira Cloud app

HiBob - Can You Please Share Customers' Data?

Jun 22, 2023 By Shmuel Cohen In SafeBreach

As part of our ongoing commitment to conducting original research and maintaining an up-to-date Hacker’s Playbook, the SafeBreach Labs team is dedicated to uncovering new threats. My recent research focused on searching for vulnerabilities and design issues in the API security domain in line with this objective. As a result, we discovered a security vulnerability in the popular HR information system (HRIS) platform called HiBob.

Read Post

SafeBreach

Read more about HiBob - Can You Please Share Customers' Data?

CVSS 4.0 - What's New?

Jun 22, 2023 By Jeff Martin In Mend

The latest version of the Common Vulnerability Scoring System, CVSS 4.0, entered its public preview phase at the 35th annual FIRST conference put on by FIRST, the Forum of Incident Response and Security Teams. An international confederation of computer incident response teams, FIRST writes the CVSS specification that plays such an important role in identifying and cataloging software and application vulnerabilities.

Read Post