%term

How to prevent OWASP API Top 10 security vulnerabilities? API attack prevention

Apr 22, 2021 By Cyphere In Cyphere

Broken object level authorization Broken user authentication Excessive data exposure Lack of resources and rate limiting Broken function level authorization Mass assignment Security misconfiguration Injection Improper assets management Insufficient logging and monitoring Cyphere is a UK-based cyber security services provider helping organisations to secure their most prized assets. We provide technical risk assessment (pen testing/ethical hacking) and managed security services. This advice is a true third party opinion, free from any vendor inclinations or reselling objectives.

View Video

Cyphere

Read more about How to prevent OWASP API Top 10 security vulnerabilities? API attack prevention

Kubernetes Quick Hits: Use SecurityContext to run containers with a read-only filesystem

Apr 22, 2021 By Snyk In Snyk

In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. In less than four minutes, you’ll learn how to use the readOnlyRootFilesystem control to keep your containers immutable and safe from modification by hackers and misbehaving code. Snyk helps software-driven businesses develop fast and stay secure. In addition to container security scans, Snyk can continuously monitor to find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Kubernetes Quick Hits: Use SecurityContext to run containers with a read-only filesystem

How to Future Proof Your System Against a Zero Day Exploit

Apr 22, 2021 By Nightfall In Nightfall

Earlier this year, Kaspersky researchers discovered a zero day exploit hidden in Desktop Windows Manager. The exploit, designated as CVE-2021-28310, is known as an escalation of privilege (EoP) exploit, which allows attackers to gain access or a higher-level user permission to systems and platforms than an administrator would permit. Though patches have since been released, it’s not yet known how extensive the damage from this zero day exploit is yet.

Read Post

Nightfall

Read more about How to Future Proof Your System Against a Zero Day Exploit

Streamlining Vulnerability Management with Splunk Phantom

Apr 22, 2021 By Kelly Huang In Splunk

Vulnerabilities are weaknesses in the security infrastructure that bad actors can exploit to gain unauthorized access to a private network. It is nearly impossible for security analysts to patch 100% of the vulnerabilities identified on any given day, but a vulnerability management plan can ensure that the highest risk vulnerabilities (those that are most likely to cause a data breach), will be addressed immediately.

Read Post

Splunk

Read more about Streamlining Vulnerability Management with Splunk Phantom

Urgent: 5 CVEs being exploited right now by SVR

Apr 20, 2021 By Edward Kost In UpGuard

The mastermind that orchestrated the SolarWinds attack may finally have a name. On Thursday, April 15th, the White House officially announced that the Russian Foreign Intelligence Service (SVR) - also known as APT 29, Cozy Bear, and The Dukes - was responsible for the campaign that exploited the SolarWinds Orion platform. But the attacks are not over yet. A joint advisory from the U.S.

Read Post

UpGuard

Read more about Urgent: 5 CVEs being exploited right now by SVR

4 ways Security and DevOps can collaborate to reduce application vulnerabilities

Apr 19, 2021 By Simon Roe In Outpost 24

Today's organisations are operating in a digital landscape filled with complexities and vulnerabilities. Increasingly, the applications and technologies businesses use to facilitate crucial business operations and connect people are at the mercy of cybercriminals - who are eager to attack from the shadows exploiting and stealing sensitive information held within these everyday applications. As such, security and DevOps teams need a collaborative approach to address and triage application vulnerabilities that continually present themselves - despite each team having different overall objectives.

Read Post

Outpost 24

Read more about 4 ways Security and DevOps can collaborate to reduce application vulnerabilities

Code Dx 5.3 integrates with Snyk for comprehensive vulnerability management

Apr 19, 2021 By Utsav Sanghani In Snyk

The Code Dx team is pleased to announce the general availability (GA) of Code Dx 5.3, which notably features an integration with Snyk to help customers integrate open source and container security into their continuous development processes. As we move toward a cloud native world, we’re working to ensure that developer-first tooling, secure cloud infrastructure, container security, and open source tools are fully integrated into Code Dx 5.3.

Read Post

Snyk

Read more about Code Dx 5.3 integrates with Snyk for comprehensive vulnerability management

OWASP Top 10: Insecure Deserialization Security Vulnerability Practical Overview

Apr 19, 2021 By Application Security Series In ImmuniWeb

Insecure Deserialization is #8 in the current OWASP Top Ten Most Critical Web Application Security Risks. It is difficult to exploit, but successful attacks can lead to remote code execution.

Read Post

ImmuniWeb

Read more about OWASP Top 10: Insecure Deserialization Security Vulnerability Practical Overview

Cybersecurity sketchnotes with Gavin Ashton: Evolution of the attack surface

Apr 19, 2021 By Netwrix In Netwrix

Watch the first episode of our new video series with cybersecurity expert Gavin Ashton. In this video Gavin covers the evolution of the attack surface and explains how to mitigate vulnerabilities.

View Video

Netwrix

Read more about Cybersecurity sketchnotes with Gavin Ashton: Evolution of the attack surface

Mitigating CVE-2021-20291: DoS affecting CRI-O and Podman

Apr 16, 2021 By Stefano Chierici In Sysdig

The CVE-2021-20291 medium-level vulnerability has been found in containers/storage Go library, leading to Denial of Service (DoS) when vulnerable container engines pull an injected image from a registry. The container engines affected are: Any containerized infrastructure that relies on these vulnerable container engines are affected as well, including Kubernetes and OpenShift.

Read Post