Fortinet has released patches for a high-severity cross-site scripting (XSS) vulnerability impacting multiple FortiOS and FortiProxy versions. Tracked as CVE-2023-29183 (CVSS score of 7.3), the security defect is described as an “improper neutralization of input during web page generation”. Successful exploitation of the bug, Fortinet explains in an advisory, may allow an authenticated attacker to […]
Vulnerability of data and all-round cyber security in the Asia-Pacific (APAC) region is a growing concern. According to Raymond Teo, cyber leader at PwC South East Asia Consulting, data breaches are a pervasive menace. “As cyber threats continue to increase in frequency and sophistication, a holistic approach to cyber security has become a top priority […]
Sep 12, 2023THNSoftware Security / Vulnerability A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show. The flaw “could allow an attacker to exploit a race condition within GitHub’s repository creation and username renaming operations,” Checkmarx security researcher Elad Rapoport said in a technical report […]
The US government has ordered all federal civilian agencies to patch a critical vulnerability in Apache RocketMQ, which is currently being exploited in the wild. The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-33246 to its Known Exploited Vulnerabilities Catalog. It means government agencies have until September 27 to apply a vendor patch to affected […]
Cisco on Wednesday announced patches for a critical-severity vulnerability in the BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform. Tracked as CVE-2023-20238, the vulnerability affecting the BroadWorks calling and collaboration platform was identified in the single sign-on (SSO) implementation and could be exploited by remote, unauthenticated attackers to forge credentials and access affected systems. […]
Security researchers have discovered what they described as a critical vulnerability in the relatively widely used PHPFusion open source content management system (CMS). The authenticated local file inclusion flaw, identified as CVE-2023-2453, allows for remote code execution if an attacker can upload a maliciously crafted “.php” file to a known path on a target system. […]
WithSecure has unveiled a new security vulnerability in Mend.io’s application security platform today, raising concerns about data privacy and potential exploitation. Mend.io, a provider of application security solutions with over 1000 customers, has swiftly addressed the issue. The vulnerability centers on Mend.io’s implementation of the Security Assertion Markup Language (SAML) login option, a standard method […]
Today, DevOps is seen as a crucial way to reduce application vulnerability and increase speed to market by baking security into the development process.While the benefits are undisputed, the challenge to doing DevSecOps well lies in the ability to successfully integrate the previously distinct development and security structures within an organisation, talent shortages and effectively […]