Apache Superset, a data exploration and visualization platform that helps users build and visualize interactive dashboards, has been recently found vulnerable to an insecure default configuration issue. A recent vulnerability discovered in Apache Superset, CVE-2023-27524, has the potential to allow attackers to remotely execute code on vulnerable systems. In this post, we’ll discuss what CVE-2023-27524… Continue reading CVE-2023-27524 in Apache Superset: what you need to know
Every company strives to maintain the highest possible security for their products. Nonetheless, security vulnerabilities are bound to exist in any system. Identifying these vulnerabilities is therefore key. However, what an organization does with its vulnerability data varies from company to company based on its vulnerability disclosure policy. In this article, we define a vulnerability… Continue reading Vulnerability disclosure policy (and how to get it right)
Note on CVE-2021-44228 and CVE-2021-45046: On December 14, 2021, Apache foundation released a new advisory for patching new CVE-2021-45046. This new security advisory instructs Log4j users to update their libraries’ versions to either 2.16.0 or 2.12.2 (depends on the Java version). Fortunately, the solutions described below address both CVE-2021-44228 and CVE-2021-45046, without the need to… Continue reading Log4shell Mitigation Actions | How to fix CVE-2021-44228 in Production Environments
Note on Log4shell: On December 14, 2021 Apache foundation released a new advisory for patching new CVE-2021-45046. This new security advisory instructs Log4j users to update their libraries’ versions to either 2.16.0 or 2.12.2 (depends on the Java version). If you are about to follow the vendors’ advisories and update your product – great –… Continue reading CVE-2021-44228: How to fix the critical zero day Log4shell vulnerability
There’s a buzz in the vulnerability management market surrounding solutions to protect against Zero Day vulnerabilities – vulnerabilities that were previously unknown with no vendor patch available. While some may paint a picture of hoards of hackers looking to exploit undiscovered flaws, security teams must ask themselves: is focusing on Zero Day attacks really the… Continue reading How Dangerous is a Zero-Day Threat?
However you flip the number of recorded vulnerabilities in a given year, the number is at once humbling and noteworthy. We know that both actions – remediating all vulnerabilities and prioritizing a high-severity security flaw in a little-used, low-value system over a medium-severity security hole in a mission-critical system – leave your company’s most important… Continue reading Looking Back – The Top Vulnerabilities of 2018