Security News

“ParseThru” vulnerability allows unauthorized access to cloud-native applications
2022-08-02 12:02

A new vulnerability found in Go-based applications allows a threat actor to bypass validations under certain conditions and gain unauthorized access to cloud-native applications, Oxeye researchers have found. The source of "ParseThru" - as the newly discovered vulnerability has been dubbed - is the use of unsafe URL parsing methods built into the language.

Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices
2022-07-29 10:49

Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563, the "Vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the credentials in a new request towards the camera," Nozomi Networks said in a Thursday report.

Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation
2022-07-29 03:22

A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild. The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain unrestricted access to all pages in Confluence.

Time from vulnerability disclosures to exploits is shrinking
2022-07-27 15:00

Palo Alto Networks' annual Unit 42 incident response report is out, warning of an ever-shrinking gap between vulnerability disclosure and exploitation, alongside a rise in cybercrime. "The 2022 Attack Surface Management Threat Report found that attackers typically start scanning for vulnerabilities within 15 minutes of a CVE being announced," the vendor says.

Taking the Risk-Based Approach to Vulnerability Patching
2022-07-27 11:00

Vulnerability management and patching can easily get out of hand when an organization has hundreds of thousands of vulnerabilities tracked in inefficient ways, such as Excel spreadsheets or multiple separate reports, especially when many teams are involved. While it is well known that vulnerability patching is extremely important, patching vulnerabilities effectively remains challenging.

Realizing your software has a vulnerability is bad. Realizing you’ve shipped it to thousands of customers…
2022-07-25 10:54

How bad can it be? Find out with this webinar. If you realized software you'd developed contained a vulnerability that left you – and your customers – open to cyber-attack, what should your...

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability
2022-07-22 02:37

Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. While the account in question, Atlassian says, is meant to help administrators migrate data from the app to Confluence Cloud, it is created with a hard-coded password, effectively allowing viewing and editing of all non-restricted pages within Confluence by default.

Mind the Gap – How to Ensure Your Vulnerability Detection Methods are up to Scratch
2022-07-20 03:11

Beating these criminals means staying one step ahead and using the most comprehensive and responsive vulnerability detection support you can. A vulnerability scanner checks your systems for security flaws that can be used to steal data or sensitive information or generally cause disruption to your business.

Cyber Safety Review Board classifies Log4j as ‘endemic vulnerability’
2022-07-19 16:14

The Cyber Safety Review Board recently labeled the Log4j security exploit as an 'endemic vulnerability' that will linger for years, according to a report released on July 11, 2022. "At some point, we're going to see even more visible use of Software Bill of Materials reports. Just as the FDA expects consumers to be able to stay informed about what they're putting in their bodies by way of standardized nutrition facts labels with clear lists of ingredients, businesses and other entities using software will want, and ultimately need, transparency about what goes into the software they're using."

Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability
2022-07-18 15:12

Researchers from Wordfence have sounded the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons. Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file upload that could be abused to gain code execution, permitting attackers to seize control of affected WordPress sites.