Application Security

Exploit Code Published for Remote Root Flaw in VMware Logging Software
VMware confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches.
Ryan Naraine, July 10, 2023

OWASP SwSec 5D Tool Provides SDLC Maturity Ratings, Aids Software Supply Chain
SwSec 5D framework aims to provide a roadmap for secure software development, and its use would help improve security in the software supply chain.
Kevin Townsend, July 7, 2023

Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert
Hackers linked to the Truebot malware are exploiting a year-old Netwrix Auditor flaw to break into organizations in the U.S. and Canada.
Ryan Naraine, July 6, 2023

MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses
Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list.
Ionut Arghire, June 30, 2023

Nokod Snags $8M to Secure Low Code/No-Code Custom Apps
Tel Aviv startup scores investment to build technology to secure in-house low-code/no-code custom applications.
Ryan Naraine, June 29, 2023

CISA, NSA Share Guidance on Securing CI/CD Environments
New guidance from CISA and the NSA provides recommendations on securing CI/CD pipelines against malicious attacks.
Ionut Arghire, June 29, 2023

Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites
Two critical-severity authentication bypass vulnerabilities in WordPress plugins with tens of thousands of installations.
Ionut Arghire, June 21, 2023

Fake Security Researcher Accounts Pushing Malware Disguised as Zero-Day Exploits
Fake security researcher accounts seen distributing malware disguised as Chrome, Signal, WhatsApp, Discord and Exchange zero-day exploits.
Eduard Kovacs, June 15, 2023

Patch Tuesday: Critical Flaws in Adobe Commerce Software
Adobe ships urgent fixes for at least a dozen flaws that expose Adobe Commerce users to code execution attacks.
Ryan Naraine, June 13, 2023

US Government Provides Guidance on Software Security Guarantee Requirements
OMB has published new guidance on federal agencies obtaining security guarantees from software vendors.
Ionut Arghire, June 12, 2023

In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
Cybersecurity news that you may have missed this week: AI regulation, layoffs, US aerospace malware attacks, and post-quantum encryption.
Eduard Kovacs, June 9, 2023

VMware Plugs Critical Flaws in Network Monitoring Product
VMware ships urgent patches to cover security defects that expose businesses to remote code execution attacks.
Ryan Naraine, June 7, 2023