AppCheck Security Blog

FEATURED POST

CVE-2023-32315: Ignite RealTime Openfire XMPP Server < v4.7.5 – Unauthorised Access to Administrative Console via Path Traversal Vulnerability in Setup Environment

“Patch Tuesday” is an unofficial term for the second Tuesday of each month, when Microsoft, Adobe, Oracle and others regularly release patches for their software products. Critical security updates are occasionally released outside the normal Patch Tuesday cycle; these are known as “out-of-band” releases. Security updates for April 9th 2024: a critical bypass of the SmartScreen protection mechanism is among the 149 vulnerabilities addressed this month.
This article covers recent vulnerabilities found to be actively exploited. Each is categorised not only by the type of exploitation, but also by its impact and the versions affected. The article also summarises any official fix and remediation guidance for the listed vulnerabilities.
This new feature update streamlines the process of checking for these changes by automatically scanning Windows devices to identify any missing patches and check for specific patch configurations, such as registry settings. These missing patches and configurations are then cross-referenced against our internal database, known as VulnFeed.
If you think you would benefit from understanding how hackers are actively exploiting web applications and APIs today, including hacking demonstrations, prevention techniques, a review of the latest hacks, and a detailed overview of the vulnerability threat landscape, please respond today to secure your seats. (We’ll also take a sneak peek into the benefits, challenges, and recommendations for automated security testing of complex Web Applications and APIs)
A command injection vulnerability exists in the GlobalProtect feature of Palo Alto Networks PAN-OS software with the configurations for both GlobalProtect gateway and device telemetry enabled. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
In this blog post we look at what daisy-chaining, blended threats and pivoting mean within a cybersecurity context, the differences between them, and what they can tell us about how attackers go about exploiting weaknesses in an organisation’s cybersecurity attack surface. We wrap up by summarising how this knowledge can be used to better protect against the potentially devastating attacks and exploits they can deliver.
