Why Cyber Teams Should Invest in Strong Communicators

July 5, 2024 at 10:21AM Cybersecurity professionals face complex challenges in protecting constantly evolving technology from adversaries. Cultivating a security-conscious culture demands excellent communication skills, enabling clear articulation of technical issues to diverse stakeholders. Active listening and transparent communication with external parties are crucial, while advancements in technology have lessened some technical requirements, emphasizing the …

Blueprint for Success: Implementing a CTEM Operation

July 5, 2024 at 07:43AM The evolving attack surface poses a significant challenge to business security. Gartner introduced Continuous Threat Exposure Management (CTEM) as a solution, predicting 3 times fewer breaches for organizations that prioritize it. CTEM offers a comprehensive view of the attack surface, emphasizes vulnerability management and validation, and urges organizations to adapt …

‘Almost every Apple device’ vulnerable to CocoaPods supply chain attack

July 2, 2024 at 03:39AM CocoaPods, a widely used open-source dependency manager for Swift and Objective-C apps, was found to have left thousands of packages exposed to takeover for nearly a decade. Security researchers from EVA Information Security identified multiple vulnerabilities, including supply chain attack opportunities, and potential remote code execution. The CocoaPods team has …

Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks

July 1, 2024 at 01:18PM Security flaws in CocoaPods were discovered, allowing attackers to hijack and insert malicious code into popular iOS and macOS applications, posing serious supply chain risks. The vulnerabilities were patched in October 2023, but the issues stemmed from a 2014 migration, leading to unclaimed pods and flawed verification processes. Downstream customers …

New regreSSHion OpenSSH RCE bug gives root on Linux servers

July 1, 2024 at 09:39AM A new OpenSSH vulnerability, known as “regreSSHion,” allows unauthenticated remote attackers to gain root privileges on glibc-based Linux systems. If exploited, it could lead to severe consequences such as system takeover and data manipulation. The vulnerability affects OpenSSH servers on Linux from version 8.5p1 up to version 9.8p1 and can …

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

July 1, 2024 at 08:06AM OpenSSH has issued security updates for a critical flaw enabling unauthenticated remote code execution with root privileges in glibc-based Linux systems. Dubbed CVE-2024-6387, the race condition bug affects versions 8.5p1 to 9.7p1, potentially leading to full system compromise. Users are urged to apply the latest patches and enforce network-based controls …

MOVEit Transfer Flaws Push Security Defense Into a Race With Attackers

June 27, 2024 at 01:42PM Attackers have intensified attacks on Progress Software’s MOVEit file transfer application by exploiting new vulnerabilities, posing a significant threat to affected organizations. Despite available patches, organizations face challenges in quickly applying them due to the potential for adversaries to target their systems. A proof-of-concept exploit is in the wild, highlighting …

Why attack surfaces are expanding

June 21, 2024 at 11:06AM Join Cloudflare and The Register for an exclusive cybersecurity webinar on June 25th to gain insights on the expanding attack surfaces, effective strategies to manage vulnerabilities, and real-world case studies from leading organizations. Don’t miss this opportunity to enhance your security posture. Register now to secure your spot. Based on …

Asset Management Holds the Key to Enterprise Defense

June 13, 2024 at 08:26AM Security professionals emphasize the importance of comprehensive asset management to maintain organizational security. Challenges in obtaining accurate asset inventory have increased due to the complexity and scale of modern networks. Experts stress the need for efforts to identify and manage business-technology assets effectively, as poor visibility can lead to security …

SAP Patches High-Severity Vulnerabilities in Financial Consolidation, NetWeaver

June 11, 2024 at 08:03AM SAP released ten new and two updated security notes, including high-priority fixes for cross-site scripting in Financial Consolidation and denial-of-service in SAP NetWeaver AS Java. Eight medium-severity vulnerabilities were also addressed in various products, with potential impacts like DoS, file uploads, information disclosure, and data tampering. Two low-severity issues were …