Managing Transitive Vulnerabilities

19 June 2024 at 16:51

Transitive vulnerabilities are developers’ most hated type of security issue, and for good reason. It’s complicated enough to monitor for and fix direct vulnerabilities throughout the software development lifecycle (SDLC). When software is dependent on third-, fourth-, and Nth-party components (and most software is), the long tail of risk can seem endless. To understand transitive vulnerabilities, […]

The post Managing Transitive Vulnerabilities appeared first on OX Security.

The post Managing Transitive Vulnerabilities appeared first on Security Boulevard.

From Risk to Resolution: OX Security’s Integrations with KEV and EPSS Drive Smarter Vulnerability Prioritization

17 June 2024 at 15:54

In June 2023, a critical vulnerability (CVE-2023-34362) in the MOVEit Transfer file transfer software was exploited by adversaries, resulting in a series of high-profile data breaches. Despite the availability of patches, and the vulnerability being publicly known and actively exploited, many organizations failed to prioritize its remediation. This lapse allowed attackers to gain unauthorized access […]

The post From Risk to Resolution: OX Security’s Integrations with KEV and EPSS Drive Smarter Vulnerability Prioritization appeared first on OX Security.

The post From Risk to Resolution: OX Security’s Integrations with KEV and EPSS Drive Smarter Vulnerability Prioritization appeared first on Security Boulevard.

Proactive Application Security: Learning from the Recent GitHub Extortion Campaigns

12 June 2024 at 14:22

A new threat actor group known as Gitloker has launched an alarming campaign that wipes victims’ GitHub repositories and attempts to extort them. Victims are finding their repositories erased, replaced only by a solitary README file bearing the message: “I hope this message finds you well. This is an urgent notice to inform you that […]

The post Proactive Application Security: Learning from the Recent GitHub Extortion Campaigns appeared first on OX Security.

The post Proactive Application Security: Learning from the Recent GitHub Extortion Campaigns appeared first on Security Boulevard.
