Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

New Research from Snyk and The Linux Foundation Reveals Significant Security Concerns Resulting from Open Source Software Ubiquity

Jun 21, 2022 By Snyk In Snyk
The State of Open Source Security Highlights Many Organizations Lacking Strategies to Address Application Vulnerabilities Arising from Code Reuse.
Read Post
Forescout

OT:ICEFALL: 56 Vulnerabilities Caused by Insecure-by-Design Practices in OT

Jun 21, 2022 By Vedere Labs In Forescout

It has been 10 years since Project Basecamp, a research project conducted by Digital Bond that investigated how critical operational technology (OT) devices and protocols were, to use the term they coined, “insecure by design.” Since then, we have seen hugely impactful real-world OT malware such as Industroyer, TRITON, Industroyer2 and INCONTROLLER abusing insecure-by-design functionality.

Read Post
kroll

CVE-2021-43702 from Discovery to Patch: ASUS Modem/Router Device Takeover Vulnerability

Jun 21, 2022 By Kroll In Kroll

While studying for my master's degree in cyber security, I co-authored a paper regarding the rollout of IoT devices and the security considerations that businesses need to address to ensure these devices are secure. The paper underscored how a large majority of IoT devices used vulnerable components and did not follow basic secure programming principles.

Read Post
Snyk

Announcing the 2022 State of Open Source Security report from Snyk and the Linux Foundation

Jun 21, 2022 By Megan Moore In Snyk

Open source software is a key component in modern applications. It has created a new era in software development, promoting a free exchange of ideas within the developer community and enabling developers to build more functional software, faster than ever. Based on most estimates, 70-90% of any piece of modern software includes open source code.

Read Post
Featured Post
Snyk

How to decide what to fix when you can't fix everything

Jun 17, 2022 By Tal Dromi, Product Manager In Snyk
Contributing to a legacy software development project, as a security-aware developer, is a bit like inheriting an old house. In my old house, the roof is missing tiles, the bathroom taps are dripping, the front door doesn't lock properly, the hallway needs redecorating and there are worrying cracks in the foundations. I don't know where to start. The security problems with the application I've recently (hypothetically) joined are similarly vexing and diverse. It has deprecated dependencies to older versions of software libraries. It could be misconfigured using insecure protocols.
Read Post
Trustwave

The Importance of White-Box Testing: A Dive into CVE-2022-21662

Jun 17, 2022 By Trustwave In Trustwave

I want to take some time to explain the importance of using a white-box approach when testing applications for vulnerabilities. To help in this endeavor, I will use a real-world example to demonstrate how researchers (in this case Karim El Ouerghemmi and Simon Scannell) *may* have found a vulnerability in WordPress (CVE-2022-21662 a 2nd order stored XSS) and how you, as a security researcher, can also use a white-box approach to find an exotic XSS vulnerability.

Read Post
Arctic Wolf

The Most Commonly Mixed-Up Security Terms: Learn the Differences Between Asset, Threat, Vulnerability, and Risk

Jun 17, 2022 By Sule Tatar In Arctic Wolf
The cybersecurity landscape is complex enough without the lack of a common vocabulary. But, often, organizations use common security terms incorrectly or interchangeably. This leads to confusion, which leads to frustration, which can lead to something much, much worse. Something like a breach. Let’s take a moment, then, to review the four most commonly mixed-up and misused security terms in the cybersecurity world.
Read Post
Arctic Wolf

CVE-2022-27511 - Critical Vulnerability in Citrix Application Delivery Management

Jun 16, 2022 By Sule Tatar In Arctic Wolf
On Tuesday, June 14, 2022, Citrix released patches for multiple vulnerabilities, including CVE-2022-27511, an unauthenticated remote privilege escalation vulnerability affecting Citrix Application Delivery Management (ADM). The vulnerability allows an unauthenticated user to remotely corrupt an affected system to reset the administrator password at the next device reboot. Successful exploitation allows a threat actor to gain initial access using the default credentials via SSH after a device reboot.
Read Post
sumologic

Follina - CVE-2022-30190

Jun 16, 2022 By Threat Labs In Sumo Logic
Monday, May 30th, 2022, Microsoft issued CVE-2022-30190 for a Remote Code Execution vulnerability with the Microsoft Support Diagnostic Tool (MSDT) in Windows: “A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.
Read Post
Arctic Wolf

CVE-2022-30190 - Updated Guidance for MSDT Remote Code Execution Zero-Day Vulnerability in Windows

Jun 16, 2022 By Sule Tatar In Arctic Wolf
On Friday, May 27, Security vendor nao_sec identified a malicious document leveraging a zero-day RCE vulnerability (CVE-2022-30190) in Microsoft Windows Support Diagnostic Tool (MSDT). The actively exploited vulnerability exists when MSDT is called using the URL protocol from a calling application, such as Microsoft Word.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.