CVSS system criticized for failure to address real-world impact

JFrog emphasizes the need for a comprehensive overhaul of vulnerability risk metrics. ANALYSIS Recent research has shed light on the shortcomings of the current CVSS scoring system, indicating that existing metrics may be inflating the severity of certain vulnerabilities. The so-called “overinflated” ratings are potentially consuming precious resources of cybersecurity teams, diverting their attention from…


Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption

Jessica Haworth-Elsayed 24 February 2023 at 13:09 UTC Updated: 27 February 2023 at 15:32 UTC Your biweekly summary of Application Security vulnerabilities, emerging hacking methods, and important cybersecurity updates. This week, Twitter has come under fire as Elon Musk’s platform declared that SMS-based two-factor authentication (2FA) will now be exclusive to its paying subscribers. Historically,…


Chromium bug allowed SameSite cookie bypass on Android devices

Ben Dickson 27 February 2023 at 11:50 UTC Recent findings revealed that protections against cross-site request forgery (CSRF) may be circumvented. A recently addressed vulnerability within the Chromium project could enable malicious entities to bypass security features intended to protect sensitive cookies on Android browsers. The SameSite attribute allows developers to limit cookie access. For…


Password managers: A rough guide to enterprise secret platforms

The second installment of our password manager series explores advanced solutions suitable for businesses to manage API tokens, login details, and much more. Modern businesses operate numerous servers, services, applications, APIs, containers, and other technologies. To protect these assets, organizations require tools for managing sensitive information, such as passwords, encryption keys, SSH (Secure Shell) keys,…
