Xebia

AUGUST 7, 2023

Every new technology brings a unique set of benefits worth protecting and that’s where we, the security nerds, come in. You might think security consultants are constantly knee-deep in code, but that’s not always the case. We firmly believe that security must add value because if it doesn’t, why bother? Stay tuned.

Infrastructure 130

Infrastructure Weak Development Team Cloud Tools 130

CIO

SEPTEMBER 12, 2023

Copyright Issues: Enterprise employees use Generative AI to create content such as source code, images, and documents. Protecting the Enterprise So, what can security professionals do to properly safeguard the use of Generative AI tools by their employees?

Artificial Intelligence 328

Artificial Intelligence Artificial Inteligence Generative AI ChatGPT 328

CIO

OCTOBER 25, 2023

Zscaler Enterprises will work to secure AI/ML applications to stay ahead of risk Our research also found that as enterprises adopt AI/ML tools, subsequent transactions undergo significant scrutiny. For example, a backend developer who queries ChatGPT, “Can you take this [my source code for a new product] and optimize it?”

Generative AI 334

Generative AI Artificial Inteligence Enterprise ChatGPT 334

Tenable

MARCH 6, 2024

Two vulnerabilities with publicly available exploit code in JetBrains TeamCity on-premises software could result in attackers bypassing authentication and achieving code execution. With this level of access, the attacker could execute arbitrary code and abuse this access for a supply chain attack. and older.

Authentication 113

Authentication Malware Energy Groups 113

Tenable

APRIL 9, 2024

Important CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability CVE-2024-29988 is a security feature bypass vulnerability in Microsoft Defender SmartScreen. Successful exploitation would enable an attacker to “steal credentials and affect resources beyond the security scope managed by AKSCC.”

Azure 114

Azure Windows Internet Social 114

InfoWorld

FEBRUARY 22, 2024

GitHub’s AI-powered coding assistant, GitHub Copilot , may suggest insecure code when the user’s existing codebase contains security issues, according to developer security company Snyk. GitHub Copilot can replicate existing security issues in code, Snyk said in a blog post published February 22.

Development 94

Development Company 94

Tenable

APRIL 12, 2024

Background On April 12, Palo Alto Networks released a security advisory for a critical command injection vulnerability affecting PAN-OS, the custom operating system (OS) Palo Alto Networks (PAN) uses in their next-generation firewalls. According to the advisory, this vulnerability impacts PAN-OS versions 10.2,

Network 119

Network Firewall Software Review Systems Review 119

Tenable

FEBRUARY 13, 2024

Moderate CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability CVE-2024-21351 is a security feature bypass vulnerability in Windows SmartScreen. Successful exploitation would bypass SmartScreen security features. Moderate March 2023 CVE-2023-32049 Windows SmartScreen Security Feature Bypass Vulnerability 8.8

LAN 124

LAN Windows Azure Internet 124

Xebia

JANUARY 30, 2023

During this blog series we are going to look at different types of Application Security Testing (AST), Software Composition Analysis (SCA) and secret scanning. They are used to identify security vulnerabilities in applications. In the last blog of this series I will show you how you can use the tools in a CI/CD pipeline.

Applications 130

Applications Testing Software Review Analysis 130

Xebia

NOVEMBER 9, 2023

I saw an interesting demo showing Copilot asking LaunchDarkly if the selected code was actually feature-enabled or not. As you discuss code, you can generate issues with all the necessary details included, streamlining project tracking and management. No longer are you confined to Visual Studio (Code) for the chat functionality.

Software Review 130

Software Review Systems Review Generative AI .Net 130

Xebia

JANUARY 18, 2024

Deploy Secure Public Web Endpoints Welcome to Building Resilient Public Networking on AWS—our comprehensive blog series on advanced networking strategies tailored for regional evacuation, failover, and robust disaster recovery. Moreover, we’ve prepared a GitHub repository to complement this blog series.

AWS 147

AWS Network Load Balancer Software Review 147

Xebia

JUNE 19, 2023

Introduction Welcome to part three of the blog series about Application Security Testing. In part one of this series, we looked at Static Application Security Testing (SAST) and in part two at Dynamic Application Security Testing (DAST). First a brief explanation is given about IAST. This is done via an agent.

Applications 130

Applications Testing How To Tools 130

InnovationM

SEPTEMBER 7, 2023

As software developers, ensuring the quality of our code is paramount. Poorly written code can lead to bugs, vulnerabilities, and maintenance headaches. SonarLint is a powerful code quality tool that provides real-time feedback on your code as you write it, helping you catch and fix issues early in the development process.

Software Review 98

Software Review Weak Development Team Software Development Analysis 98

Lacework

DECEMBER 8, 2023

Welcome back to our Q&A series where we spotlight some of the innovative experts behind our code security solution. Today, we’re featuring Christien Rioux, an application security expert with more than 30 years of computer programming and software engineering experience. Q: What first sparked your interest in engineering?

Innovation 135

Innovation Applications Weak Development Team Engineering 135

Palo Alto Networks

MAY 7, 2024

New capabilities enable customers to counter AI with AI, secure AI by design and simplify security. To help our customers combat new threats while also leveraging the promise of efficient security, Palo Alto Networks is introducing Precision AI TM. AI is creating a security inflection point. What Is Precision AI?

Generative AI 84

Generative AI Firewall Network Enterprise 84

Tenable

OCTOBER 16, 2023

Background On October 16, Cisco’s Talos published a blog post warning of a zero-day vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software that has been exploited in the wild by unknown threat actors. At the time their blog was released, it was not known how they were able to do so.

Software Review 109

Software Review Systems Review Authentication Transportation 109

Palo Alto Networks

OCTOBER 31, 2023

Extending Code to Cloud™ Platform with Innovative Data Security for the Generative AI Era The digital landscape is undergoing a profound shift. As many large enterprises rely on hybrid cloud and multicloud environments, it is becoming increasingly challenging to know with confidence whether or not your data is secured.

Network 113

Network Generative AI Artificial Inteligence Cloud 113

Tenable

SEPTEMBER 27, 2023

CVE-2023–29357, CVE-2023–24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution. and rated critical.

Authentication 131

Authentication Research Video Analysis 131

Tenable

FEBRUARY 20, 2024

Frequently asked questions about two vulnerabilities affecting ConnectWise ScreenConnect Background The Tenable Security Response Team has put together this blog to answer Frequently Asked Questions (FAQ) regarding two vulnerabilities impacting ScreenConnect, a Remote Monitoring and Management (RMM) solution from ConnectWise.

Authentication 69

Authentication Research Cloud Data 69

Tenable

JANUARY 16, 2024

Proof of concept At the time this blog post was published, no public proof-of-concept (PoC) had been identified for either of these vulnerabilities. However, given the historical exploitation of Citrix Netscaler ADC and Gateway and the reported usage of these flaws as zero-days, we anticipate that exploit code may become available soon.

Authentication 116

Authentication Network Internet Virtualization 116

Tenable

APRIL 25, 2024

Frequently asked questions about CVE-2024-20353 and CVE-2024-20359, two vulnerabilities associated with “ArcaneDoor,” the espionage-related campaign targeting Cisco Adaptive Security Appliances. CVE-2024-20359 Cisco ASA and FTD Software Persistent Local Code Execution Vulnerability 6.0 FAQ What is ArcaneDoor?

Malware 69

Malware Analysis Groups Testing 69

Prisma Clud

MAY 7, 2024

Generative AI's acceleration of software delivery is straining current approaches to cloud security, making scaling nearly impossible because, as Gartner points out , organizations don’t have the skilled resources to take it all on. Need to find out where your sensitive data is secure and who has access to it? How do you keep safe?

Cloud 52

Cloud Generative AI Resources Network 52

Tenable

OCTOBER 10, 2023

This vulnerability was exploited in the wild according to Microsoft, though no details have been shared at the time this blog post was published. Researcher Florian Hauser of Code White GmbH published a two-part blog series in September 2022 investigating Skype for Business 2019. and rated critical.

Windows 115

Windows Software Review Azure Systems Review 115

Palo Alto Networks

APRIL 19, 2024

On April 10, 2024 Palo Alto Networks Product Security Incident Response Team (PSIRT) learned of a suspicious exfiltration attempt at a customer site from Volexity's Steven Adair. Given our comprehensive code review, no other known changes are planned for our threat prevention signature for this issue. How Was It Exploited?

Firewall 132

Firewall Systems Review Malware Software Review 132

Tenable

JANUARY 10, 2024

Two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure have been exploited in the wild, with at least one attack attributed to nation-state actors. Background On January 10, Ivanti released a security advisory for two zero-day vulnerabilities that were exploited in-the-wild in limited, targeted attacks.

Policies 72

Policies Authentication Analysis Network 72

David Walsh

MARCH 18, 2024

I still remember discovering HTML, CSS, and JavaScript coding. I still remember my first day at my first coding job, then my first day at my second coding job, and then my first day at Mozilla. I still remember my first day coding for MetaMask. Want to code a desktop app with web tech? How old are you in web?

Media 106

Media Software Engineering Mobile Social 106

Synopsys

OCTOBER 17, 2022

Using Code Sight and Rapid Scan Static, DevSecOps teams can identify vulnerabilities and fixes as they code without leaving the IDE. The post Real-time OWASP vulnerabilities as you code with Code Sight and Rapid Scan Static appeared first on Application Security Blog.

Applications 122

Applications Testing Software 122

Lacework

AUGUST 14, 2019

Automation is key for so many reasons; it can help to speed up the security workflow, from alerting, to ticketing, to task assignment and remediation, it can help to combat threats in real-time and even enable you to impose policy as code. The post Enforce Security Through Policy-as-Code appeared first on Lacework.

Policies 26

Policies DevOps Company Cloud 26

Tenable

MARCH 8, 2024

Specifically, only 27% of respondents said their organizations have a policy for using AI safely and ethically, and only 15% have a policy for securing and deploying AI. Dive into six things that are top of mind for the week ending March 8. 1 - FBI: Critical infrastructure walloped by ransomware attacks in 2023 The number of U.S.

Infrastructure 115

Infrastructure Report Software Review Artificial Intelligence 115

InnovationM

JULY 6, 2023

In today’s digital world, security is a major concern, and 2-factor authentication (2FA) is one way to increase security. In this blog post, we will discuss how to implement 2FA in a Spring Boot application using Google Authenticator, a popular app that generates one-time codes.

Authentication 98

Authentication Applications Data How To 98

Prisma Clud

DECEMBER 1, 2022

Just one CI/CD misconfiguration can expose sensitive information and can then be used as an entry point for injecting malicious code and leaking sensitive data. Additionally, they found that 63% of infrastructure as code (IaC) templates contain misconfigurations , and 91% of container images contain high or critical security vulnerabilities.

Weak Development Team 91

Weak Development Team Software Review Software Open Source 91

Tenable

FEBRUARY 2, 2024

Frequently asked questions relating to a security incident at AnyDesk that was publicly disclosed on February 2. Background The Tenable Security Response Team has put together this blog to answer frequently Asked Questions (FAQ) regarding a security incident at AnyDesk. FAQ What is the incident being reported at AnyDesk?

Windows 66

Windows Linux Report System 66

Tenable

SEPTEMBER 12, 2023

Discovery of this flaw is credited to Valentina Palmiotti from IBM X-Force, Quan Jin and ze0r with DBAPPSecurity WeBin Lab and both the Microsoft Security Response Center (MSRC) and Microsoft Threat Intelligence. Palmiotti said in a post that a blog and exploit code for the vulnerability will “be released soon.”

LAN 119

LAN Windows 3D Azure 119

Tenable

APRIL 16, 2024

But sometimes we like to give you a peek behind the curtain to share how we protect our own house against cyberattacks – and that’s what this blog is about. Today we’re sharing our experience adopting the supply-chain security framework SLSA, with the hopes that the lessons we learned will be helpful to you. What is SLSA?

Software Review 69

Software Review Software Systems Review Guidelines 69

Tenable

MARCH 14, 2024

Fortinet warns of a critical SQL Injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code on vulnerable FortiClientEMS software. Critical At the time this blog was published, Fortinet’s advisory assigned a CVSSv3 score of 9.3 and also links to an advisory that is not currently available.

Software Review 66

Software Review Systems Review Authentication Infrastructure 66

Tenable

FEBRUARY 24, 2022

The tactical information shared in this blog is designed to help you prepare your digital response to these rapidly unfolding events. The tactical information shared in this blog is designed to help you prepare your digital response to these rapidly unfolding events. Kibana Arbitrary Code Execution. Background. Both the U.K.

Government 145

Government Malware Groups Telecommunications 145

Tenable

OCTOBER 27, 2023

View Change Log Background On October 25, Praetorian published a blog post warning of a newly discovered vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to execute code on affected devices. Organizations are encouraged to apply patches as soon as possible. The vulnerability received a CVSSv3 score of 9.8.

Authentication 73

Authentication Software Review Technical Review Systems Review 73