The Importance of Managing Your Data Security Posture
Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. But what exactly is data security posture, and how do you manage it?
Data security posture management (DSPM) became mainstream following the publication
Nessus Vulnerability Lets Attackers Alter Rules Variables
An arbitrary file write vulnerability has been discovered in Nessus, which allows an authenticated, remote attacker to cause a denial-of-service condition on affected installations. This vulnerability has been assigned CVE-2023-6062 and given a severity rating.
Nessus has released patches to fix this vulnerability and has urged its users to apply them.
CVE-2023-6062: Arbitrary File Write Vulnerability in Nessus
This vulnerability allows an authenticated, remote attacker with administrative privileges on a Nessus application to alter Nessus Rules variables and overwrite arbitrary files on the remote host, which could cause a denial-of-service condition.
Ammarit Thongthua and Sarun Pornjarungsak of the Secure D Research Team reported this vulnerability. The severity rating for this vulnerability is 6.8 (Medium).
There is no evidence of this vulnerability being exploited by threat actors in the wild, nor has a publicly available exploit been found.
According to Nessus, Tenable first reported this vulnerability on 26th October, and it was confirmed to be valid on 30th October 2023. CVE-2023-6062 was requested, and the score was calculated on 09-11-2023. Nessus acted swiftly upon this report and patched this vulnerability on 16th November 2023.
All installations of Nessus 10.5.6 and earlier are affected by this vulnerability. Users are advised to upgrade to version 10.5.7 or later versions (10.6.3) to prevent threat actors from exploiting it.
Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack
Microsoft on Tuesday released updates to address a total of 132 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild.
Of the 132 vulnerabilities, nine are rated Critical, 122 are rated Important in severity, and one has been assigned a severity rating of "None." This is in addition to eight flaws the tech giant patched in
Generative AI tools such as OpenAI’s ChatGPT and Microsoft’s Copilot are becoming part of everyday business life. But they come with privacy and security considerations you should know about.