AppCheck Security Blog

FEATURED POST

CVE-2023-32315: Ignite RealTime Openfire XMPP Server < v4.7.5 – Unauthorised Access to Administrative Console via Path Traversal Vulnerability in Setup Environment

read more
Filter by:
View all
Case Studies
Events
General
News
Product
Research
Security Alerts
Appcheck - icons

Microsoft Patch Tuesday – April 9th 2024

“Patch Tuesday” is an unofficial term used to refer to the second Tuesday of each month, when Microsoft, Adobe, Oracle and others regularly release software patches for their software products. Critical security updates are occasionally released outside of the normal Patch Tuesday cycle, but these are known as “Out-of-band” releases. Security updates for April 9th 2024 – critical bypass of ‘smartscreen’ protection mechanism among 149 vulnerabilities this month.
Read More
Appcheck - icons

Known Actively Exploited Vulnerabilities Round-up (19.04.24-25.04.24)

This article covers recent vulnerabilities found to be actively exploited. They are categorised based not only on the category of exploitation, but their impact, and versions affected. This article also informs on any official fix and remediation guidance for the listed vulnerabilities.
Read More
Appcheck - icons

Product Update: Windows Patch Detection Enhancements

This new feature update streamlines the process of checking for these changes by automatically scanning Windows devices to identify any missing patches and check for specific patch configurations, such as registry settings. These missing patches and configurations are then cross-referenced against our internal database, known as VulnFeed.
Read More
Appcheck - icons

AppCheck Security Seminar June 2024

If you think you would benefit from understanding how hackers are actively exploiting web applications and APIs today, including hacking demonstrations, prevention techniques, a review of the latest hacks, and a detailed overview of the vulnerability threat landscape, please respond today to secure your seats. (We’ll also take a sneak peek into the benefits, challenges, and recommendations for automated security testing of complex Web Applications and APIs)
Read More
Appcheck - icons

CVE-2024-3400: Palo Alto Networks PAN-OS < v11.1.2 – Unauthorised Execution of Arbitrary Code (RCE) via Command Injection Vulnerability in GlobalProtect Feature

A command injection vulnerability exists in the GlobalProtect feature of Palo Alto Networks PAN-OS software with the configurations for both GlobalProtect gateway and device telemetry enabled. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Read More
Appcheck - icons

What are ‘Daisy-Chaining’, ‘Pivot Attacks’ and ‘Blended Threats’?

In this blog post we look at what daisy-chaining, blended threats and pivoting mean within a cybersecurity context, the differences between them, and what they can tell us about how attackers go about exploiting weaknesses in an organisation’s cybersecurity attack surface. We wrap up by summarising how this knowledge can be used to better protect against the potentially devastating attacks and exploits they can deliver.
Read More

Get in touch

Start your free trial

Simply complete the form and we’ll send you all you need to activate AppCheck and undertake your FREE scan.
Your details
IP Addresses
URLs