vulnerability management

Tenable Nessus Bug and LDAP RCE: What You Need to Know

Tenable Nessus Bug and LDAP RCE: What You Need to Know 2025-01-07 at 12:48 By Ashish Khaitan Overview  JoCERT has alerted the global cybersecurity community about two critical issues requiring urgent attention from IT professionals and system administrators. The first involves Tenable Nessus Agents, a widely-used vulnerability scanning tool, while the second concerns a critical […]

Tenable Nessus Bug and LDAP RCE: What You Need to Know Read More »

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers 2025-01-03 at 14:33 By Ashish Khaitan Overview  Cyble Research & Intelligence Labs (CRIL) has released its latest Weekly Vulnerability Insights report, offering a detailed overview of the critical vulnerabilities discovered between December 25, 2024, and December 31, 2024. The report highlights key security threats

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers Read More »

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services 2025-01-03 at 12:36 By Ashish Khaitan Overview  The Indian Computer Emergency Response Team (CERT-In) has issued an alert regarding a critical security vulnerability in the WPForms plugin for WordPress. The flaw, identified as CVE-2024-11205, could allow attackers to bypass authorization controls and

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services Read More »

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls 

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls  2025-01-02 at 14:30 By Ashish Khaitan Overview  The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-3393, a Palo Alto Networks PAN-OS Malformed DNS Packet vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability impacts the DNS Security feature

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls  Read More »

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation 2024-12-31 at 14:51 By Ashish Khaitan Overview The Cybersecurity and Infrastructure Security Agency (CERT-In) released an urgent vulnerability note (CIVN-2024-0360) concerning several critical VibeBP vulnerabilities . These vulnerabilities in VibeBP pose online risk to website owners using affected versions, and they could lead to

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation Read More »

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024 2024-12-31 at 10:56 By Ashish Khaitan Overview  The Cyber Security Agency of Singapore (CSA) has alerted users of multiple vulnerabilities in Apache software. According to the alert, three Apache vulnerabilities have been reported, including CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046. In late 2024, the Apache

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024 Read More »

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges 2024-12-02 at 07:12 By Mirko Zorz In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. He discusses the impact of the new methodology that

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges Read More »

The effect of compliance requirements on vulnerability management strategies

The effect of compliance requirements on vulnerability management strategies 2024-11-29 at 07:34 By Mirko Zorz In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing vulnerabilities and addressing patching delays. Carter also covers compliance requirements and how automation can streamline vulnerability management processes. Why

The effect of compliance requirements on vulnerability management strategies Read More »

NIST is chipping away at NVD backlog

NIST is chipping away at NVD backlog 2024-11-14 at 16:33 By Zeljka Zorz The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but has admitted that their initial estimate of when they would finish the job was “optimistic”. About the NVD The

NIST is chipping away at NVD backlog Read More »

Risk hunting: A proactive approach to cyber threats

Risk hunting: A proactive approach to cyber threats 2024-10-30 at 07:34 By Help Net Security Cybersecurity is an overly reactive industry. Too often we act like firefighters, rushing from blaze to blaze, extinguishing flames hoping to keep the damage to a minimum, rather than fire suppression experts designing environments that refuse to burn. Just consider

Risk hunting: A proactive approach to cyber threats Read More »

Defenders must adapt to shrinking exploitation timelines

Defenders must adapt to shrinking exploitation timelines 2024-10-16 at 15:16 By Zeljka Zorz A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 in 2022. One reason for this is the fact that,

Defenders must adapt to shrinking exploitation timelines Read More »

Strengthening Kubernetes security posture with these essential steps

Strengthening Kubernetes security posture with these essential steps 2024-10-16 at 07:01 By Mirko Zorz In this Help Net Security interview, Paolo Mainardi, CTO at SparkFabrik, discusses comprehensive strategies to secure Kubernetes environments from development through deployment. He focuses on best practices, automation, and continuous monitoring. Many security risks in Kubernetes originate from vulnerable container images.

Strengthening Kubernetes security posture with these essential steps Read More »

EU adopts Cyber Resilience Act to secure connected products

EU adopts Cyber Resilience Act to secure connected products 2024-10-11 at 14:17 By Zeljka Zorz The EU Council has adopted the Cyber Resilience Act (CRA), a new law that aims to make consumer products with digital components safe(r) to use. CRA requirements The CRA outlines EU-wide cybersecurity standards for digital products, i.e. products that are

EU adopts Cyber Resilience Act to secure connected products Read More »

Best practices for implementing threat exposure management, reducing cyber risk exposure

Best practices for implementing threat exposure management, reducing cyber risk exposure 2024-10-04 at 07:16 By Mirko Zorz In this Help Net Security interview, Sanaz Yashar, CEO at Zafran, discusses the role of threat exposure management (TEM) in modern cybersecurity strategies. As traditional vulnerability management evolves, TEM addresses the overwhelming risks arising from expanded attack surfaces

Best practices for implementing threat exposure management, reducing cyber risk exposure Read More »

Detecting vulnerable code in software dependencies is more complex than it seems

Detecting vulnerable code in software dependencies is more complex than it seems 2024-09-18 at 07:31 By Mirko Zorz In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within software dependencies. Plate also discusses the limitations of traditional software composition analysis (SCA) solutions

Detecting vulnerable code in software dependencies is more complex than it seems Read More »

Trends and dangers in open-source software dependencies

Trends and dangers in open-source software dependencies 2024-09-16 at 06:01 By Help Net Security A C-suite perspective on potential vulnerabilities within open-source dependencies or software packages reveals that, while remediation costs for dependency risks are perilously high, function-level reachability analysis still offers the best value in this critical area, according to Endor Labs. The research

Trends and dangers in open-source software dependencies Read More »

Managing low-code/no-code security risks

Managing low-code/no-code security risks 2024-09-03 at 07:31 By Help Net Security Continuous threat exposure management (CTEM) – a concept introduced by Gartner – monitors cybersecurity threats continuously rather than intermittently. This five-stage framework (scoping, discovery, prioritization, validation, and mobilization) allows organizations to constantly assess and manage their security posture, reduce exposure to threats, and integrate

Managing low-code/no-code security risks Read More »

Vulnerability prioritization is only the beginning

Vulnerability prioritization is only the beginning 2024-08-23 at 07:30 By Help Net Security To date, most technology solutions focused on vulnerability management have focused on the prioritization of risks. That usually took the shape of some risk-ranking structure displayed in a table with links out to the CVEs and other advisory or threat intelligence information.

Vulnerability prioritization is only the beginning Read More »

How network segmentation can strengthen visibility in OT networks

How network segmentation can strengthen visibility in OT networks 2024-08-08 at 07:31 By Help Net Security What role does the firewall play in the protection of operational technology (OT) networks and systems? Many would say that it’s the defensive mechanism to protect that environment from IT and the outside world. For the operators responsible for

How network segmentation can strengthen visibility in OT networks Read More »

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise 2024-08-07 at 06:01 By Help Net Security Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every few days, according to GitProtect.io. DevSecOps The possibility to integrate security

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise Read More »

Scroll to Top