Operations | Monitoring | ITSM | DevOps | Cloud

Vulnerability

Chrome Zero Day: Find vulnerable devices for patching

Mar 30, 2022 By InvGate In InvGate
Google issued an emergency security update due to the severity of exploit CVE-2022-1096. A few days later, Microsoft joined the recommendation, advising Chromium Edge users to update their browsers as well. Therefore, if you haven’t already, you should check your browser details to check if it’s updated to version 99.0.4844.84 of Chrome or version 99.0.1150.55 or higher of Edge. Matt Beran shows you how you can find vulnerable devices across your inventory for proactive patching using InvGate Insight.
View Video
InvGate

Chrome zero-day: find devices with vulnerabilities across your inventory

Mar 30, 2022 By InvGate In InvGate
If you’re an asset manager or an application administrator, you must have had - or are about to have - a lot of work since there’s a new Chrome zero-day vulnerability in the wild. Google issued an emergency security update due to the severity of exploit CVE-2022-1096. A few days later, Microsoft joined the recommendation, advising Chromium Edge users to update their browsers as well.
Read Post
coralogix

Splunk Indexer Vulnerability: What You Need to Know

Mar 29, 2022 By Chris Cooney In Coralogix

A new vulnerability, CVE-2021-342 has been discovered in the Splunk indexer component, which is a commonly utilized part of the Splunk Enterprise suite. We’re going to explain the affected components, the severity of the vulnerability, mitigations you can put in place, and long-term considerations you may wish to make when using Splunk.

Read Post
ivanti

How to Mitigate CVE-2022-0847 (The Dirty Pipe Vulnerability)

Mar 16, 2022 By Charlie Rasch In Ivanti

Dirty Pipe vulnerability is a Linux kernel vulnerability that allows the ability of non-privileged users to overwrite read-only files. The vulnerability is due to an uninitialized “pipe_buffer.flags” variable, which overwrites any file contents in the page cache even if the file is not permitted to be written, immutable, or on a read-only mount, including CD-ROM mounts. The page cache is always writable by the kernel and writing to a pipe never checks any permissions.

Read Post
jfrog

DirtyPipe (CVE-2022-0847) - the new DirtyCoW?

Mar 9, 2022 By Itay Vaknin In JFrog
A few days ago, security researcher Max Kellermann published a vulnerability named DirtyPipe which was designated as CVE-2022-0847. This vulnerability affects the Linux kernel and if exploited, can allow a local attacker to gain root privileges. The vulnerability gained extensive media follow-up, since it affects all Linux-based systems with a 5.8 or later kernel, without any particular exploitation prerequisites.
Read Post
jfrog

JFrog Discloses 5 Memory Corruption Vulnerabilities in PJSIP - A Popular Multimedia Library

Mar 1, 2022 By Uriya Yavniely In JFrog
JFrog’s Security Research team is constantly looking for new and previously unknown security vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered 5 security vulnerabilities in PJSIP, a widely used open-source multimedia communication library developed by Teluu. By triggering these newly discovered vulnerabilities, an attacker can cause arbitrary code execution in the application that uses the PJSIP library.
Read Post

SAP HotNews and CVE kernel patch: Securing your SAP systems

Feb 24, 2022 By Avantra In Avantra
New ICMAD bugs require immediate attention and patching for SAP systems The dust has not yet settled on the CVSSv3 10.0 score Log4j security vulnerability that hit in December 2021. Last week, a new group of three security vulnerabilities were published by SAP, which all relate to SAP’s Internet Communication Manager (ICM or ICMAD). Once again, one of these vulnerabilities has a CVSS v3.0 base score of 10/10. In contrast to Log4j, the latest threats only impact SAP customers, but they need immediate attention.
View Video
opsramp

How We Used Our Own Platform Capabilities to Prevent Log4j Attacks and Protect Customers

Feb 22, 2022 By Manjunath M In OpsRamp

In December, information security researchers discovered a serious vulnerability in the popular open-source logging library, Log4j. If exploited, this vulnerability, known as Log4Shell, could allow malicious attackers to execute code remotely on any targeted computer. Millions of computers use Log4j. According to one study, 93% of all cloud environments are affected by the vulnerability.

Read Post
virtualmetric

How To Detect and Prevent Zero-Day Vulnerabilities With Smart Infrastructure Monitoring Tool

Feb 16, 2022 By Antonia Shehova In VirtualMetric

“End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare.”, federal cybersecurity CTO Matt Keller says. Ensuring a high level of security for your IT infrastructure and being sure you have not missed something is hard to arrange during these days. A zero-day exploit happens when hackers identify a software weakness or a security gap and take advantage of it to perform a cyberattack.

Read Post
appdynamics

Log4j vulnerability highlights the value of a combined security and observability approach

Feb 15, 2022 By Randy Birdsall In AppDynamics

When we launched AppDynamics with Cisco Secure Application in early 2021, it was the industry’s first integrated application performance management (APM) and runtime application security offering. We made a bold bet that consolidated monitoring would become increasingly important and provide significant benefits such as improved security capabilities and reduced costs. It was the right bet.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.