Vulnerability – Page 8 – OWASP Jakarta

Attack Surface Management vs. Vulnerability Management

Attack Surface Management vs. Vulnerability Management Attack surface management (ASM) and vulnerability management (VM) are often confused, and while they overlap, they’re not the same. The main difference between attack surface management and vulnerability management is in their scope: vulnerability management checks a list of known assets, while attack surface Read more

By adminowasp, 1 year ago

News

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining Cybersecurity researchers are warning that threat actors are actively exploiting a “disputed” and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. “This vulnerability allows attackers to take over Read more

By adminowasp, 1 year ago

News

CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability

CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting the Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a Read more

By adminowasp, 1 year ago

News

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent Read more

By adminowasp, 1 year ago

News

Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6. “An unauthenticated threat Read more

By adminowasp, 1 year ago

News

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a Read more

By adminowasp, 1 year ago

News

GhostRace – New Data Leak Vulnerability Affects Modern CPUs

GhostRace – New Data Leak Vulnerability Affects Modern CPUs A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race Read more

By adminowasp, 1 year ago

News

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may Read more

By adminowasp, 1 year ago

News

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows Read more

By adminowasp, 1 year ago

News

CTEM 101 – Go Beyond Vulnerability Management with Continuous Threat Exposure Management

CTEM 101 – Go Beyond Vulnerability Management with Continuous Threat Exposure Management In a world of ever-expanding jargon, adding another FLA (Four-Letter Acronym) to your glossary might seem like the last thing you’d want to do. But if you are looking for ways to continuously reduce risk across your environment Read more

By adminowasp, 1 year ago