Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV cata…

Synopsys fAST Dynamic enables DevOps teams to fix security vulnerabilities in modern web apps

Synopsys released Synopsys fAST Dynamic, a new dynamic application security testing (DAST) offering on the Synopsys Polaris Software Integrity Platform. fAST Dynamic enables development, security, and DevOps teams to find and fix security vulnerabiliti…

How cybersecurity strategies adapt to evolving threats

Cybersecurity strategies are essential components of modern organizations, designed to protect digital assets, sensitive information, and overall business continuity from potential cyber threats. As technology advances, the complexity and frequency of …

SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)

A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information disclosure and potentially remote code execution. Cacti is often used in network oper…

Security automation gains traction, prompting a “shift everywhere” philosophy

The use of automated security technology is growing rapidly, which in turn is propagating the “shift everywhere” philosophy – performing security tests throughout the entire software development life cycle – across more organizations, according to Syno…

Organizations’ serious commitment to software risk management pays off

There has been a significant decrease in vulnerabilities found in target applications – from 97% in 2020 to 83% in 2022 – an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming error…

Be prepared to patch high-severity vulnerability in curl and libcurl

Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead devel…

Keysight collaborates with Synopsys to secure IoT devices against attacks

Keysight Technologies and Synopsys are partnering to provide internet of things (IoT) device makers with a comprehensive cybersecurity assessment solution to ensure consumers are protected when devices are shipped to market. Under the arrangement, the …

Infosec products of the month: August 2023

Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Adaptive Shield, Bitdefender, Bitwarden, Forescout, ImmuniWeb, Kingston Digital, LastPass, Lineaje, LOKKER, Menlo Security, MongoDB, Netskope, NetSPI,…