Tran Hoang Phong for FIS Security · blog.fiscybersec.com · 19 hours ago
CVE-2024-36991 - Critical Splunk vulnerability can be exploited to read all files on the system
Security researchers have issued a warning about a Splunk Enterprise vulnerability that could allow an attacker to read any file on the system. The vulnerability is more serious than it initially appeared and can be exploited with a simple GET request. 1. C...
Tags: Newsletters, CVE

Kunal Verma for Kubesimplify · blog.kubesimplify.com · Jul 12, 2024
Building a Zero CVE Strategy
With the increase in software complexity and as digital threats evolve (as discussed in our previous blog) in today’s digital age, the organizations are facing a massive increase in number of security vulnerabilities. According to the Coalition Cyber...
2 likes · 152 reads · Tags: CVE

Nicolás Georger for SREDevOps.org · sredevopsorg.hashnode.dev · Jul 8, 2024
Check Kubernetes with Popeye! Security, configs, problems and more with Popeye CLI (It's also open source and lightweight!)
TL/DR; Tired of manually reviewing your Kubernetes cluster to find problems? Popeye is like a health check for your cluster, finding potential problems with your configurations and resource usage. It is a command-line...
Tags: apps

Nicolás Georger for SREDevOps.org · sredevopsorg.hashnode.dev · Jul 2, 2024
Critical vulnerability in OpenSSH "regreSSHion", check whether you are at risk
TL/DR; A critical vulnerability (CVE-2024-6387), nicknamed "regreSSHion", has resurfaced in OpenSSH server versions 8.5p1 to 9.8p1, which could allow remote code execution as root without authentication on vulnerable Linux systems. ...
Tags: brasil

Nicolás Georger for SREDevOps.org · sredevopsorg.hashnode.dev · Jul 1, 2024
Critical vulnerability in OpenSSH "regreSSHion", check whether you are at risk
TL/DR; A critical vulnerability (CVE-2024-6387), nicknamed "regreSSHion", has resurfaced in OpenSSH server versions 8.5p1 to 9.8p1, which could allow remote code execution as root without authentication on vulnerable Linux systems...
Tags: CVE

Nicolás Georger for SREDevOps.org · sredevopsorg.hashnode.dev · Jun 29, 2024
How does the new Chilean Cybersecurity Law (Ley Nº 21.663) affect my company? How much time is left? What should I do?
TL;DR Chile has just published a new cybersecurity law (Ley 21.663) that requires companies providing essential services, such as health, energy and finance, to implement security measures and certifications by 2025. If...
Tags: chile

Sergio Medeiros · grumpz.net · Jun 12, 2024
CVE-2024-37629: Simple XSS Payload Exploits 0day Vulnerability in 10,000 Web Apps
Late one night, after working on a couple of bug bounty platforms, I decided to revisit a CVE I found last month. I realized that the web application had implemented the Summernote WYSIWYG Editor, which was the root cause of the stored XSS vulnerabil...
11 likes · 1.2K reads · Tags: bugbounty

Saiyam Pathak for Kubesimplify · blog.kubesimplify.com · Jun 10, 2024
Announcing BuildSafe: Your Path to Secure Software Supply Chain
In today's software era, security is paramount. The frequency and severity of supply chain attacks, from log4j to SolarWinds, have underscored the need for robust security measures. Governments and enterprises alike are enforcing stringent regulation...
10 likes · 73 reads · Tags: buildsafe

Rivanorth Pro · blog.rivanorth.com · May 31, 2024
Vulnerability Report: June 2024
Welcome to the monthly Vulnerability Report. In this report, we provide an overview of the most significant security vulnerabilities identified in the past month. Our focus is on vulnerabilities that are being actively exploited, which pose the bigge...
Tags: Security Advisory, Security

Mike Gorman for OpenZiti Tech Blog · blog.openziti.io · May 22, 2024
How to Prevent Path Traversal Attacks with OpenZiti BrowZer
The web has revolutionized how the world operates, enabling everything from banking and shopping to social media and general business transactions. However, as with all technological advancements, malicious actors quickly found ways to exploit the we...
1 like · 142 reads · Tags: Security