58 Stories To Learn About Vulnerabilities

Written by learn | Published 2023/09/06
Tech Story Tags: vulnerabilities | learn | learn-vulnerabilities | security | cybersecurity | good-company | web-monetization | cyber-security


Let's learn about Vulnerabilities via these 58 free stories. They are ordered by total reading time created on HackerNoon. Visit the /Learn Repo to find the most read stories about any technology.

1. CVE-2022-42856: Adjoining Splittail Vulnerability Report

A look at CVE-2022-42856, reported by Apple as a vulnerability under active exploitation.

2. What is Broken Access Control and Why Should You Care?

With broken access control being one of the most prevalent weaknesses for web applications, it’s important to not only understand it, but to prevent it also.

3. Command and Control Frameworks in a Nutshell

A glimpse over Command and Control attacks and frameworks, how they happen, and how they can affect our daily lives.

4. How to Exploit Prototype Pollution?

Prototype Pollution is a JavaScript related vulnerability. This article explains how it works and how to exploit it bypassing security checks of the app.

5. CVE-2022-31705: Bridged Creek Vulnerability Report

Information on the CVE-2022-31705 critical sandbox escape vulnerability announced by VMware.

6. Check Point Security Breach: A Leading Cybersecurity Company Has Been Breached

Check Point, which bills itself as the leader in cybersecurity solutions, has been breached. Data records of over 5k ZoneAlarm forum users have been hacked.

7. Building a Web Vulnerability Scanner

In May this year I was part of a team that launched SecAlerts, a free security product that sends subscribers a customised weekly report of vulnerabilities and security news relevant to their software stack. The service was deliberately made a low-barrier-of-entry way to keep users informed and, as it nears 1,000 subscribers, the decision to 'keep it simple' appears to have merit.

8. Key Questions to Ask your DevOps Teams About Containers and Kubernetes

DevOps teams are responsible for balancing two important forces in their organizations’ software development efforts: shorter delivery cycle times for applications that continue to increase in size and diversity.

9. API Architecture: Components and Best Practices

While API Architecture and API Design are different, when it comes to securing them, both need to be kept in focus.

10. Common Web Security Vulnerabilities

In the movies, hacking is fast keyboard typing and hitting Enter, but in the real world, hackers find and exploit vulnerabilities to hack websites.

11. There Are More Risks Associated With SaaS Data Security Than Potential GDPR Fines

The growing reliance on SaaS business calls for an improvement in security. On occasions, data security can be of existential importance to organizations.

12. Crypto Wallets Exposed "Mnemonic Phrase Vulnerabilities" (4 Already Fixed)

MetaMask and Phantom said today that they had patched a security flaw that could, in some cases, allow attackers to obtain mnemonic phrases.

13. Safe Storage: Hacks vs. Vulnerabilities

Vulnerabilities found in hardware wallets are to be expected. All systems are hackable. The safest place for your coins is still your private keys.

14. Military Grade Encryption Won’t Save You, or Your Business

With two recent vulnerabilities making headlines this month, notably CVE-2019-14899, impacting VPNs running on Linux distros, and Atlassian’s zero-day flaw reported by SwiftOnSecurity concerning a leak of private keys, it should be no surprise anymore as to why encryption merely breeds a feeling of security rather than guaranteeing it.

15. How to fix Security Vulnerabilities in NPM Dependencies in 3 Minutes

Hola people!!! 🥑

16. Common Vulnerabilities and Exposures - Top Offenders in 2019

In 2018, the #1 spot on the "Top 10 Software with the Most CVEs" list went to Debian Linux, with 1197.

17. 5 CSRF Vulnerabilities Known For Highest Bounty Rewards

If you don’t know, a bug bounty program is a modern strategy to encourage the public to find and report bugs or vulnerabilities in software — especially the security bugs that may be misused by cybercriminals. Most of the big technology companies like Facebook, Google, and Microsoft employ bug bounties.

18. Improving Open-source Software Security for Java Developers

How can security be stepped up for the open-source Java ecosystem? Enforcing automated scans before components are published is one of the ways.

19. Newest Malware from China

“I think malware is a significant threat because the mitigation, like antivirus software, hasn’t evolved to a point to mitigate the risk to a reasonable degree.” Kevin Mitnick

20. 3 Types of Security Policies You Can Use with Your Kubernetes Pods

On August 20, 2020, a provider of access management tools released an advisory detailing several misconfiguration issues that affected the kubelet. This feature of Kubernetes functions as the primary “node agent” running on each node. In order to support this functionality, the kubelet maintains full control over a pod running in a node.

21. Securing your NodeJs Express Application — Part 1

Review common mistakes and vulnerabilities in JavaScript, like command injection, and see how to secure NodeJs and Express using npm packages like hpp and helmet.

22. How to Keep OpenSSL Updated in an Enterprise Environment

Outdated systems can leave us vulnerable to bad actors. Zero-day exploits are common with just about every system that exists. If we do not upgrade regularly, we leave ourselves at the mercy of black-hat hackers who regularly take advantage of any out-of-date application they can find. This is equally true with OpenSSL as with anything else.

23. Breaking Down 3 API Security Breaches

The following three API security breaches provide helpful lessons for improving security today.

24. How to Protect Your Kindle From Hackers

On August 6, 2021, findings of a security flaw in Amazon’s Kindle e-reader were disclosed by Slava Makkaeveev, a researcher from Check Point. You can patch it.

25. How to Optimize Your Web Server for Better Website Performance

In this digital world, the success of your website lies in its first impression and user experience. A website whose loading time is longer than a blink of an eye frustrates visitors so much that they abandon it. That can have an adverse impact on the website's search engine ranking and business.

26. Spotlight on the Server-Side: A Guide to SSRF Vulnerabilities

Server-side request forgery (SSRF) vulnerabilities can lead to total system compromise. Discover where they’re common, examples, and prevention tips.

27. How Does the Adversarial Cycle Apply to Coding and Security?

Even if the code is perfect, an attacker can exploit it.

28. Common Vulnerabilities and Exposures: A Poem

There's still some cases of malware always-alarmed-and-on, always large-in-scale in sight and run via spray pray on-site.

29. Top 9 Security Practices at Kubernetes in 2020

In January 2019, Kubernetes, the world's most popular container orchestration system, discovered the first major security vulnerability that hit the project’s ecosystem. Vulnerability CVE-2018-1002105 allows attackers to compromise clusters via the Kubernetes API server, which allows malicious code to be executed to install malware, etc.

30. BREAKING New Threat Analysis: Killnet Hack-for-Hire Group

New threat analysis detailing research performed by Quadrant Security on the Killnet hack-for-hire group.

31. Stack Overflow Vulnerability

Stack overflow is a type of buffer overflow vulnerability. When we pour more water into a glass than its capacity, the water spills or overflows; similarly, when we enter more data into a buffer than its capacity, the data overflows into adjacent memory locations, causing the program to crash. This is known as a buffer overflow.

32. Handling Vulnerabilities Due to De-serialization in Java Applications

When it comes to vulnerabilities, it's crucial to understand how Java objects are stored and accessed.

33. How We Could Have Listened to Anyone’s Call Recordings

How PingSafe managed to find and report a vulnerability in an automatic call recorder that would have allowed us to listen to anyone's call recordings.

34. Roadmap and Resources to Become an Ethical Hacker

How to become an ethical hacker

35. How to Fix Your Broken Vulnerability Management

CVSS scores are broken measures of vulnerability criticality. SSVC is a viable solution to the problems created by CVSS scoring when used in isolation.

36. Crack Open the IoT Vulnerabilities of Realtek

Taiwanese chip designer Realtek has warned of four recent vulnerabilities in three SDKs in its WiFi modules.

37. AU Government Fails Cybersecurity Targets as PM Warns of Cyber Threat

On June 19 this year Australian Prime Minister, Scott Morrison, alerted the nation to the fact they were undergoing cyber attack.

38. Planning Cyber Security Budget Thoroughly: 2021 Edition

Budgeting for cybersecurity is a challenging process. Here are some tips on how you can plan your cyber security budget effectively.

39. 10 Common Java Vulnerabilities Every Security Engineer Should Know

This article covers the most common security vulnerabilities in Java programming.

40. Your Top 5 Software Composition Analysis Questions Answered

With the fast growth of open source usage in all industries, the need to track its components becomes as dire as ever. Software Composition Analysis (SCA) is an open source component management solution for providing and automating visibility into the open source in your software.

41. How The Rise of Vulnerabilities Has Shaped Modern Patch Management Practices

Vulnerabilities can seriously damage a company’s operations and reputation, but you can protect it by automating live patching of infrastructure with KernelCare.

42. How To Deal With Common Open Source Vulnerabilities

Most successful IT companies like Google and Microsoft, as well as small SaaS organizations, rely on open-source software to power their software and application architecture, deployments, and so on. It really helps speed up the rate at which developers work on a project and also gives developers access to a myriad of top-notch projects.

43. 4 Common Web App Vulnerabilities and How to Combat Them

Expert's advice on how to protect a web application against malicious attacks, accidental damage, and commonly known vulnerabilities in 2021.

44. The Best Practices for Web3 Security Risk Mitigation

This article highlights the risks and vulnerabilities within the Web3 ecosystem and the best practices for Web3 security risk mitigation. Read on.

45. How To Fix The Most Common Linux Kernel Vulnerabilities

The Linux kernel is widely considered the pillar of some of the most popular projects in the open-source community. As the central module of the OS, the system’s stability, performance, and security rely heavily on the kernel.

46. What Is the Vulnerability Rating Taxonomy (VRT)?

Developed and open-sourced by Bugcrowd, it’s a system designed to address the inherent shortcomings of CVSS ratings when viewed in isolation.

47. How To Block Security Vulnerabilities from Penetrating Your Code

As continuous software deployments grow and become the accepted standard, security measures gain even more importance. From development and all the way through to production, security requirements should be adopted by all teams in an organization.

48. How a Supply-Chain Breach Put at Risk Atlassian Accounts

On November 16, 2020 Check Point Research (CPR) uncovered chained vulnerabilities that together can be used to take over an account and control Atlassian apps.

49. The Powerdir macOS Bug Could Allow Attackers to Snoop On You

The vulnerability allows malicious apps to bypass privacy preferences. Precisely, it could allow an attacker to bypass the operating system's Transparency, Cons

50. The Rise and Fall of APTR1 Exploit Jian

Cyber weapons are digital and volatile by nature. Stealing them and transferring them from one continent to another can be as simple as sending an email.

51. How Should Companies Build a Robust Cybersecurity Culture?

In the modern age of information and technology, there’s not a single individual or organization that would object to the tightening of cybersecurity within an enterprise.

52. Viewing K8S Cluster Security from the Perspective of Attackers (Part 2)

This article will continue to introduce attack points on K8S Cluster security.

53. CVEs: How Keeping a Catalogue of Common Vulnerabilities and Exposures Helps Your Company

CVE combines a dictionary and a catalog containing names for vulnerabilities and other information security vulnerabilities.

54. PCI DSS – Compliance Requirements and How to Meet Them

Is your business involved in any type of payment card processing? Then you need to be aware of the PCI DSS requirements. In this article, we take a closer look at some of the requirements defined by PCI DSS and show how they can be met.

55. Over 35 Tech Companies Compromised in Novel Software Supply Chain Attack

Security researcher Alex Birsan breached systems of over 35 tech companies in what has been described as a novel software supply chain attack.

56. Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

CVE-2021-45046 says the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was "incomplete in certain non-default configurations."

57. Top 10 C++ Open Source Project Bugs Found in 2019

Another year is drawing to an end, and it's a perfect time to make yourself a cup of coffee and reread the reviews of bugs collected across open-source projects over this year. This would take quite a while, of course, so we prepared this article to make it easier for you. Today we'll be recalling the most interesting dark spots that we came across in open-source C/C++ projects in 2019.

58. What Vulnerabilities FreakOut Takes Advantage of for Creating a Botnet

Check Point Research encountered several attacks that exploited multiple vulnerabilities, including some that were only recently published, to inject OS command

Thank you for checking out the 58 most read stories about Vulnerabilities on HackerNoon.

Visit the /Learn Repo to find the most read stories about any technology.


Written by learn | Let's geek out. The HackerNoon library is now ranked by reading time created. Start learning by what others read most.
Published by HackerNoon on 2023/09/06